WordPress plugin

Pierluigi Paganini February 25, 2020
Hacking campaign targets sites running popular Duplicator WordPress plugin

Security experts are warning of a new wave of attacks targeting a zero-day vulnerability in the popular Duplicator WordPress Plugin. Last week the development team behind the popular Duplicator WordPress plugin, the Snap Creek, addressed a zero-day vulnerability that affected at least 1 million websites. Now researchers at security firm WordFence are warning of a […]

Pierluigi Paganini February 20, 2020
Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions. According to […]

Pierluigi Paganini February 18, 2020
Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site. Experts from the security firm WebARX have discovered a serious flaw in the WordPress theme plugin ThemeGrill Demo Importer with over 200,000 active installs. The vulnerability […]

Pierluigi Paganini January 20, 2020
WP Database Reset WordPress plugin flaws allow website takeover

The WP Database Reset WordPress plugin is affected by an “easily exploitable” vulnerability that can allow attackers to take over vulnerable sites.  Security experts from Wordfence discovered two security vulnerabilities in the WP Database Reset WordPress plugin that can van be used to take over the vulnerable websites. The WordPress Database Reset plugin allows users to reset the […]

Pierluigi Paganini December 13, 2019
A flaw in outdated versions of Beaver Builder and Elementor plugins allows hacking WordPress sites

WordPress sites running outdated versions of “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” plugins are exposed to hack. Security experts from MalCare discovered a critical easy-to-exploit authentication bypass vulnerability in “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor.” The vulnerability resides in the way the plugins let WordPress account holders, […]

Pierluigi Paganini May 30, 2019
Convert Plus WordPress plugin flaw allows hackers to create Admin accounts

The WordPress plugin Convert Plus is affected by a critical flaw that could be exploited by an unauthenticated attacker to create accounts with administrator privileges. The WordPress plugin Convert Plus is affected by a critical vulnerability that could be exploited by an unauthenticated attacker to create accounts with administrator privileges. A vulnerability ties with the […]

Pierluigi Paganini May 17, 2019
XSS flaw in WordPress Live Chat Plugin lets attackers compromise WP sites

A vulnerability in the Live Chat Support plugin for WordPress could be exploited by attackers to inject malicious scripts in websites using it Researchers at Sucuri have discovered a stored/persistent cross-site scripting (XSS) vulnerability in the WP Live Chat Support plugin for WordPress. The flaw could be exploited by remote, unauthenticated attackers to inject malicious […]

Pierluigi Paganini April 15, 2019
Yellow Pencil WordPress Plugin flaw expose tens of thousands of sites

Thousands of WordPress sites using the Yellow Pencil Plugin were exposed to hacking due to a privilege escalation vulnerability in the plugin. A privilege escalation vulnerability in the Yellow Pencil Visual Theme Customizer plugin exposes WordPress websites to hack. The flaw could be exploited by attackers to update arbitrary options on vulnerable installations. Early this […]

Pierluigi Paganini March 24, 2019
WordPress Social Warfare plugin zero-day exploited in attacks

A Cross-Site Scripting (XSS) vulnerability in Social Warfare installations (v3.5.1 and v3.5.2) is actively exploited to add malicious redirects. The vulnerability in the WordPress plugin has been fixed with the release of the 3.5.3 version of the plugin. Vulnerable versions of the Social Warfare plugin are currently installed on more than 70,000 websites. The plugin […]

Pierluigi Paganini January 28, 2019
Hackers compromise WordPress sites via Zero-Day flaws in Total Donations plugin

Security experts at Wordfence security firms discovered WordPress Sites compromised via Zero-Day vulnerabilities in Total Donations Plugin The Total Donations WordPress plugin was abandoned by its developers for this reason security experts are recommending to delete it after they discovered multiple zero-day flaws that were exploited by threat actors. The news was reported by security […]