Security experts are warning of a new wave of attacks targeting a zero-day vulnerability in the popular Duplicator WordPress Plugin. Last week the development team behind the popular Duplicator WordPress plugin, the Snap Creek, addressed a zero-day vulnerability that affected at least 1 million websites. Now researchers at security firm WordFence are warning of a […]
A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions. According to […]
A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site. Experts from the security firm WebARX have discovered a serious flaw in the WordPress theme plugin ThemeGrill Demo Importer with over 200,000 active installs. The vulnerability […]
The WP Database Reset WordPress plugin is affected by an “easily exploitable” vulnerability that can allow attackers to take over vulnerable sites. Security experts from Wordfence discovered two security vulnerabilities in the WP Database Reset WordPress plugin that can van be used to take over the vulnerable websites. The WordPress Database Reset plugin allows users to reset the […]
WordPress sites running outdated versions of “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” plugins are exposed to hack. Security experts from MalCare discovered a critical easy-to-exploit authentication bypass vulnerability in “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor.” The vulnerability resides in the way the plugins let WordPress account holders, […]
The WordPress plugin Convert Plus is affected by a critical flaw that could be exploited by an unauthenticated attacker to create accounts with administrator privileges. The WordPress plugin Convert Plus is affected by a critical vulnerability that could be exploited by an unauthenticated attacker to create accounts with administrator privileges. A vulnerability ties with the […]
A vulnerability in the Live Chat Support plugin for WordPress could be exploited by attackers to inject malicious scripts in websites using it Researchers at Sucuri have discovered a stored/persistent cross-site scripting (XSS) vulnerability in the WP Live Chat Support plugin for WordPress. The flaw could be exploited by remote, unauthenticated attackers to inject malicious […]
Thousands of WordPress sites using the Yellow Pencil Plugin were exposed to hacking due to a privilege escalation vulnerability in the plugin. A privilege escalation vulnerability in the Yellow Pencil Visual Theme Customizer plugin exposes WordPress websites to hack. The flaw could be exploited by attackers to update arbitrary options on vulnerable installations. Early this […]
A Cross-Site Scripting (XSS) vulnerability in Social Warfare installations (v3.5.1 and v3.5.2) is actively exploited to add malicious redirects. The vulnerability in the WordPress plugin has been fixed with the release of the 3.5.3 version of the plugin. Vulnerable versions of the Social Warfare plugin are currently installed on more than 70,000 websites. The plugin […]
Security experts at Wordfence security firms discovered WordPress Sites compromised via Zero-Day vulnerabilities in Total Donations Plugin The Total Donations WordPress plugin was abandoned by its developers for this reason security experts are recommending to delete it after they discovered multiple zero-day flaws that were exploited by threat actors. The news was reported by security […]