October 13, 2023
Via: Security Affairs
Sucuri researchers reported that more than 17,000 WordPress websites have been compromised in September with the Balada Injector. The researchers noticed that the number of Balada Injector infections has doubled compared with August. The Balada Injector is a malware family […]
July 31, 2023
Via: The Hacker News
Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, […]
Threats & Malware, Vulnerabilities
July 18, 2023
Via: The Hacker News
Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables […]
July 3, 2023
Via: The Hacker News
Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can […]
Threats & Malware, Vulnerabilities
June 29, 2023
Via: The Hacker News
A critical security flaw has been disclosed in miniOrange’s Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user, provided information about email address is already known. Tracked as CVE-2023-2982 (CVSS score: […]
June 22, 2023
Via: The Hacker News
A critical security flaw has been disclosed in the WordPress “Abandoned Cart Lite for WooCommerce” plugin that’s installed on more than 30,000 websites. “This vulnerability makes it possible for an attacker to gain access to the accounts of users who […]
Threats & Malware, Vulnerabilities
May 12, 2023
Via: The Hacker News
A security vulnerability has been disclosed in the popular WordPress plugin Essential Addons for Elementor that could be potentially exploited to achieve elevated privileges on affected sites. The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in […]
April 10, 2023
Via: The Hacker News
Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy’s Sucuri, “leverages all known and recently discovered theme and plugin vulnerabilities” to […]
Threats & Malware, Vulnerabilities
March 24, 2023
Via: The Hacker News
Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted […]
Network security, Threats & Malware, Virus & Malware
February 14, 2023
Via: The Hacker News
The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infect over 10,800 websites. “The main objective is still ad fraud by artificially increasing […]
Threats & Malware, Vulnerabilities
December 27, 2022
Via: TechRadar
Thousands of WordPress websites were found using a vulnerable add-on that allows threat actors to take over the site entirely. Researchers uncovered a critical flaw in YITH WooCommerce Gift Cards Premium, an add-on for the website builder providing an interface […]
Threats & Malware, Vulnerabilities
October 19, 2022
Via: Security Week
WordPress 6.0.3 fixes nine stored and reflected cross-site scripting (XSS) vulnerabilities, as well as open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection flaws. WordPress security company Defiant has shared a description of each vulnerability. Four of them […]
August 22, 2022
Via: Help Net Security
Malware peddlers are exploiting users’ familiarity with and inherent trust in DDoS protection pages to make them download and run malware on their computer, Sucuri researchers have warned. Hidden malware and fake DDoS protection. DDoS protection pages have become so […]
Threats & Malware, Vulnerabilities
June 17, 2022
Via: The Hacker News
WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that’s suspected of having been actively exploited in the wild. The issue, which relates to a case of code injection, […]
May 24, 2022
Via: Help Net Security
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on preemptive account hijacking by way of single sign-on (SSO) technology, researchers Avinash Sudhodanan and […]
Threats & Malware, Vulnerabilities
May 18, 2022
Via: Security Week
Tracked as CVE-2021-25094 (CVSS score of 8.1), the vulnerability exists because one of the supported actions does not require authentication when uploading a zip file that is extracted under the WordPress upload directory. While the plugin includes an extension control, […]
Threats & Malware, Vulnerabilities
January 10, 2022
Via: Security Week
Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC). Simon Scannell of SonarSource reported an object injection […]
Threats & Malware, Vulnerabilities
December 10, 2021
Via: The Hacker News
As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of […]
November 23, 2021
Via: Help Net Security
With Black Friday and Cyber Monday quickly approaching, the UK National Cyber Security Centre (NCSC) is urging small online shops to protect their customers from card skimming cyber criminals. As part of NCSC’s Active Cyber Defence programme, the organization has […]
Threats & Malware, Virus & Malware
September 21, 2021
Via: The Hacker News
A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. “The malware’s primary tactic […]