plugin

Pierluigi Paganini October 03, 2017
Zero-Day flaws in 3 WordPress Plugins being exploited in the wild

Security experts at Wordfence reported that zero-day vulnerabilities in three different WordPress plugins have been exploited in the wild. Zero-day vulnerabilities in several WordPress plugins have been exploited by threat actors in the wild to hack vulnerable websites and deliver backdoors; the alarm was raised by security firm Wordfence. The attackers have exploited three critical zero-day vulnerabilities […]

Pierluigi Paganini September 15, 2017
Backdoored Display Widgets Plugin potentially affects 200,000 WordPress installs abusing them to spam content

Around 200,000 WordPress websites using the Display Widgets Plugin were impacted after it was updated to include malicious code. According to security firm Wordfence, roughly 200,000 WordPress websites were impacted after a plugin they were using was updated to include a backdoor. “If you have a plugin called “Display Widgets” on your WordPress website, remove it […]

Pierluigi Paganini November 23, 2016
WordPress Plugins could expose online shoppers on Black Friday and Cyber Monday

Black Friday and Cyber Monday are upon us, and Checkmarx has published a report analyzing the security of some of the top WordPress plugins. Black Friday and Cyber Monday are upon us and security experts from Checkmarx are questioning the security of some of the top WordPress e-commerce plugins that are currently used in more […]

Pierluigi Paganini October 19, 2016
SQL Injection zero-day in component ja-k2-filter-and-search of Joomla

Information Security experts have discovered an SQL injection zero-day vulnerability in Joomla component ja-k2-filter-and-search. Information Security Researchers Dimitrios Roussis and Evangelos Apostoloudis have discovered an SQL injection vulnerability in component ja-k2-filter-and-search (https://www.joomlart.com/joomla/extensions/ja-k2-search) of Joomla, a popular open-source Content Management System (CMS). This component has been used in various Joomla sites. Through the use of the […]

Pierluigi Paganini April 09, 2015
FBI warns of attacks against WordPress-based sites run by ISIS sympathizers

The FBI is warning that individuals sympathetic to ISIS are mass-hacking websites by exploiting known vulnerabilities in WordPress. The FBI is warning administrators of WordPress websites about the possibility of cyber attacks carried out by sympathizers of the ISIS terrorist group. Unfortunately, it is quite simple to compromise websites based on the popular content management system (CMS) that […]

Pierluigi Paganini April 07, 2015
Flaw in WP-Super-Cache plugin threatens millions of WordPress websites

Millions of WordPress websites are vulnerable to cyber attacks due to a critical vulnerability affecting the WP-Super-Cache plugin. Millions of WordPress websites using WP-Super-Cache are exposed to the risk of cyber attack due to a critical vulnerability affecting the popular plugin. The WP-Super-Cache plugin is normally used to improve the performance of the WordPress website because it generates static HTML […]

Pierluigi Paganini February 26, 2015
More than 1 Million WordPress websites are vulnerable to blind SQL Injection Attacks

A security bug in the WordPress plugin WP-Slimstat could be exploited by attackers to discover a “secret” key and use it to run blind SQL Injections. More than one million WordPress sites are potentially vulnerable to SQL injection attacks due to the presence of a critical flaw in the popular plugin WP-Slimstat. WP-Slimstat is an analytics plugin for […]

Pierluigi Paganini February 11, 2015
Exploiting Vulnerabilities in WordPress plugins, a cybercrime trend

A serious vulnerability in the FancyBox WordPress plugin makes it easy for a hacker to compromise any website based on the popular CMS. Last week SecurityWeek reported another zero-day flaw found in a WordPress plugin. This time, a new vulnerability found in the popular FancyBox for WordPress plugin could be exploited to inject […]

Pierluigi Paganini July 24, 2014
Thousands of WordPress Sites hacked through MailPoet flaw

Security experts at the firm Sucuri have observed a surge of cyber attacks against WordPress websites that are running outdated versions of the MailPoet plugin. A large-scale attack has hit more than 50,000 websites; the attacker exploited a recently patched vulnerability in a popular plugin for the WordPress CMS. In early July, experts at security firm Sucuri discovered […]

Pierluigi Paganini June 01, 2014
15 million WordPress instances run flawed SEO plugin. Fix it!

Security researchers at the firm Sucuri have discovered multiple serious vulnerabilities in the popular ‘All In One SEO Pack’ plugin for WordPress. WordPress is one of the most targeted CMS platforms due to its wide adoption; attackers are able to compromise a victim instance by exploiting flaws in outdated versions or in vulnerable plugins. The Netcraft internet services company, in […]