Threats & Malware, Vulnerabilities
September 13, 2021
Via: Security Week
Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript […]
Threats & Malware, Virus & Malware
September 7, 2021
Via: Help Net Security
It’s no surprise to anyone who works in security that there’s been an explosion in ransomware incidents over the last two years, costing companies across various industries millions of dollars. According to a recent report from the Institute for Security […]
Threats & Malware, Vulnerabilities
April 21, 2021
Via: Security Week
The report is based on data from Patchstack’s WordPress vulnerability database, which includes information collected by the company’s internal research team and its bug bounty community, by third-party cybersecurity vendors, and by independent security researchers. It’s worth noting that the […]
Threats & Malware, Vulnerabilities
January 29, 2021
Via: Security Affairs
Developers behind the “Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter” WordPress plugin have recently addressed multiple vulnerabilities that can be exploited to perform various malicious actions on affected websites. The plugin has over 200,000 active installations […]
Threats & Malware, Vulnerabilities
November 18, 2020
Via: Security Affairs
Experts at the Wordfence Threat Intelligence team uncovered a large-scale wave of attacks targeting reported Function Injection vulnerabilities in themes using the Epsilon Framework. Below is a list of themes and related versions that are vulnerable to the above attacks: Shapely […]
Threats & Malware, Vulnerabilities
September 11, 2020
Via: Security Week
With over 700,000 active installs, File Manager is a highly popular WordPress plugin that provides admins with file and folder management capabilities (copy/paste, delete, download/upload, edit, and archive). In early September 2020, the plugin’s developer addressed a critical-severity zero-day flaw […]
Hacker, Threats & Malware, Vulnerabilities
September 2, 2020
Via: Security Affairs
Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin. The […]
Threats & Malware, Vulnerabilities
July 10, 2020
Via: Security Affairs
Researchers at the Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingComposer is a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch […]
Threats & Malware, Vulnerabilities
June 9, 2020
Via: Hot for Security
A vast campaign targeting WordPress-based websites was identified by the Wordfence Firewall as it targeted 1.3 million pages, trying to leverage known plugins and theme vulnerabilities. WordPress is just one of the platforms used to create and deploy websites and, […]
June 4, 2020
Via: Security Affairs
Security researchers from Wordfence have observed a large-scale campaign over the weekend aimed at stealing configuration files from WordPress sites. Threat actors attempted to exploit well-known vulnerabilities in unpatched plugins to download configuration files from WordPress sites and steal […]
May 20, 2020
Via: Security Week
WooCommerce is a highly popular open-source eCommerce plugin for WordPress that allows site owners to easily set up their own online store. With more than 5 million installations, it is one of the biggest eCommerce platforms and is often targeted […]
Threats & Malware, Vulnerabilities
May 18, 2020
Via: Security Week
WP Product Review Lite is designed for creating product reviews on WordPress websites. It supports the creation of a top products review widget and also allows monetization through the addition of a “buy now” button in posts. The plugin has […]
Threats & Malware, Vulnerabilities
May 14, 2020
Via: Security Week
The plugin, Site Kit by Google, was designed to provide site admins with information on how people find and use their websites, providing insights from critical Google tools, straight to the WordPress dashboard. The plugin has over 400,000 active installations. […]
Threats & Malware, Vulnerabilities
May 8, 2020
Via: Security Week
With an estimated install base of over 1 million websites, Elementor Pro is the paid version of the free Elementor plugin (which has more than 4 million users), a drag and drop page builder. Only Elementor Pro, which is available […]
May 1, 2020
Via: Security Affairs
The developers behind the Ninja Forms WordPress plugin have addressed a Cross-Site Request Forgery (CSRF) vulnerability that could lead to Stored Cross-Site Scripting (Stored XSS) attacks. Ninja Forms is a drag and drop form builder plugin for WordPress builder that […]
Threats & Malware, Vulnerabilities
April 28, 2020
Via: Security Affairs
A vulnerability in the Real-Time Find and Replace WordPress plugin could be exploited by attackers to create rogue admin accounts. The Real-Time Find and Replace WordPress plugin is currently installed on over 100,000 sites; it allows users to dynamically (i.e. […]
Threats & Malware, Vulnerabilities
April 3, 2020
Via: Security Affairs
Administrators of WordPress sites using the Contact Form 7 Datepicker plugin are recommended to remove or deactivate it to prevent attackers from exploiting a stored cross-site scripting (XSS) vulnerability to create rogue admins or take over admin sessions. The ‘Contact […]
Threats & Malware, Vulnerabilities
March 13, 2020
Via: Security Affairs
The Popup Builder WordPress plugin is affected by security flaws that could be exploited by unauthenticated attackers to inject malicious JavaScript code into popups displayed on websites using it. More than 100,000 websites are exposed to cyber attacks that could […]
Threats & Malware, Vulnerabilities
March 3, 2020
Via: Naked Security
Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting (XSS) vulnerabilities that could give attackers complete control of sites. One of the affected plugins was designed to work with the popular WordPress ecommerce system WooCommerce. […]
Threats & Malware, Vulnerabilities
January 30, 2020
Via: Security Affairs
A high severity cross-site request forgery (CSRF) bug, tracked as CVE-2020-8417, in Code Snippets plugin could be exploited by attackers to take over WordPress sites running vulnerable versions of the Code Snippets plugin. The plugin allows users to execute code […]