Tag: WordPress


Vulnerabilities

Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers

December 16, 2019

Via: Threat Post

Security researchers are warning users of two WordPress plugins – made by Brainstorm Force – that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins. According to Brainstorm […]


Vulnerabilities

Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS

September 26, 2019

Via: Threat Post

An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting (XSS) attacks. Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to […]


Vulnerabilities

WordPress 5.2.3 Patches Several XSS Vulnerabilities

September 5, 2019

Via: Security Week

WordPress developers on Thursday announced the availability of version 5.2.3, a maintenance and security release that includes 29 fixes and enhancements, along with several security patches. As far as security is concerned, WordPress 5.2.3 mostly patches cross-site scripting (XSS) vulnerabilities. […]


Network security

Attackers are exploiting vulnerable WP plugins to backdoor sites

September 3, 2019

Via: Help Net Security

A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the vulnerable installations, Wordfence’s Mikey Veenstra warns. The attackers are exploiting vulnerabilities in […]


Vulnerabilities

WordPress Plugins Exploited in Ongoing Attack, Researchers Warn

August 26, 2019

Via: Threat Post

Researchers are warning of an ongoing campaign exploiting vulnerabilities in a slew of WordPress plugins. The campaign is redirecting traffic from victims’ websites to a number of potentially harmful locations. Impacted by the campaign is a plugin called Simple 301 […]


Vulnerabilities

WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign

July 24, 2019

Via: Threat Post

A widespread and ongoing malicious advertising campaign is exploiting several recently-disclosed WordPress plugin vulnerabilities to redirect website visitors to booby-trapped landing pages. Researchers at Wordfence said that they recently discovered bad actors injecting code into websites with the vulnerable plugins […]


Threats & Malware, Vulnerabilities

Vulnerability in WordPress Live Chat Plugin allows to steal and hijack sessions

June 12, 2019

Via: Security Affairs

Experts at Alert Logic have discovered a vulnerability in the popular WordPress Live Chat plugin that could be exploited by an unauthorized remote attacker to steal chat logs or manipulate chat sessions. The critical vulnerability, tracked as CVE-2019-12498, is a […]


Vulnerabilities

Exploits for Social Warfare WordPress Plugin Reach Critical Mass

April 24, 2019

Via: Threat Post

Active exploits for a recently disclosed bug in a popular WordPress plugin, Social Warfare, are snowballing in the wild – potentially putting more than 40,000 websites at risk. The vulnerability, CVE-2019-9978, tracks both a stored cross-site scripting (XSS) vulnerability and […]


Vulnerabilities

WordPress Yellow Pencil Plugin Flaws Actively Exploited

April 12, 2019

Via: Threat Post

The maker of a WordPress plugin, Yellow Pencil Visual Theme Customizer, is asking all users to immediately update after it was discovered to have software vulnerabilities that are being actively exploited. The attacker exploiting these flaws has been behind several […]


Hacker

Crooks use hidden directories of compromised HTTPS sites to deliver malware

April 3, 2019

Via: Security Affairs

Crooks are using hidden “well-known” directories of HTTPS sites running WordPress and Joomla to store and serve malicious payloads. Hacked websites were used for several malicious purposes; experts observed compromised WordPress and Joomla websites serving Shade/Troldesh ransomware, coin miners, […]


Hacker, Network security

CSRF flaw in WordPress potentially allowed the hack of websites

March 14, 2019

Via: Security Affairs

Security researcher Simon Scannell from RIPS Technologies has discovered a new CSRF vulnerability in WordPress that could potentially lead to remote code execution attacks. The flaw is a cross-site request forgery (CSRF) that resides in the comment section of WordPress […]


Vulnerabilities

WordPress Patches Privilege Escalation Vulnerabilities

December 18, 2018

Via: Security Week

Privilege escalation vulnerabilities in WordPress allow attackers to access features that were intended for administrators only, RIPS Tech security researchers say. An attacker with a user role as low as contributor on WordPress – the free and open-source content management […]


Vulnerabilities

Attackers Exploit Recently Patched Popular WordPress Plugin

November 23, 2018

Via: Security Week

Recently patched vulnerabilities in the popular AMP for WP plugin are being targeted in an active Cross-Site Scripting (XSS) campaign, Wordfence reports. With over 100,000 installs, the plugin adds Accelerated Mobile Pages (Google AMP Project) functionality to websites, which makes […]


Malware, Vulnerabilities

Critical WordPress Flaw Grants Admin Access to Any Registered Site User

November 19, 2018

Via: Threat Post

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website. Another day, another critical WordPress plugin vulnerability. The popular AMP for WP plugin, which helps WordPress sites load faster on […]


Cyber-crime, Security

Spambot aims at targets WordPress sites in World Cup-Themed spam scam

July 13, 2018

Via: Security Affairs

Security experts from Imperva recently observed a spike in spam activity directed at WordPress websites; the attackers aimed to trick victims into clicking on links to sites offering betting services on the 2018 FIFA World Cup games. Imperva monitored the activity […]


Vulnerabilities

Unpatched WordPress file deletion vulnerability could allow site takeover and code execution

June 28, 2018

Via: Security Affairs

Seven months ago, security experts discovered a critical file deletion vulnerability that affects all WordPress versions; currently, the issue is still unpatched. The vulnerability could be exploited to completely take over websites running the popular CMS and gain arbitrary […]


Virus & Malware, Vulnerabilities

Take These Steps to Secure Your WordPress Website Before It’s Too Late

April 23, 2018

Via: Security Affairs

You might have heard that WordPress security is often referred to as “hardening.” While the name might cause a few eyebrows to raise, overall, it makes sense. To clarify, the process of adding security layers is similar to boosting the […]


Malware

WordPress Users Warned of Malware Masquerading as ionCube Files

February 28, 2018

Via: Threat Post

Security researchers are warning WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, is used by cybercriminals to create backdoors on vulnerable websites allowing them to steal data or […]


Vulnerabilities

WordPress Sites Exposed to Attacks by ‘Formidable Forms’ Flaws

November 16, 2017

Via: Security Week

Vulnerabilities found by a researcher in a popular WordPress plugin can be exploited by malicious actors to gain access to sensitive data and take control of affected websites. Formidable Forms, available both for free and as a paid version that […]


Cloud security, Vulnerabilities

WordPress Delivers Second Patch For SQL Injection Bug

November 2, 2017

Via: Threat Post

A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL injection attack, exposing sites created on the content management system to takeover. WordPress released WordPress 4.8.3 Tuesday, which mitigates the vulnerability. “This is […]