Wordpress

Unveiling the Balada injector: a malware epidemic in WordPressUnveiling the Balada injector: a malware epidemic in WordPress

Unveiling the Balada injector: a malware epidemic in WordPress

Learn the shocking truth behind the Balada Injector campaign and find out how to protect your organization from this relentless…

2 years ago
A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hackingA flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

Experts warn of an unauthenticated privilege escalation flaw in the popular Essential 'Addons for Elementor' WordPress plugin. Essential 'Addons for…

2 years ago
WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacksWordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks

WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks

A reflected cross-site scripting vulnerability is the Advanced Custom Fields plugin for WordPress exposed over 2 million sites to hacking.…

2 years ago
Abandoned Eval PHP WordPress plugin abused to backdoor websitesAbandoned Eval PHP WordPress plugin abused to backdoor websites

Abandoned Eval PHP WordPress plugin abused to backdoor websites

Threat actors were observed installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment. Researchers from Sucuri…

2 years ago
Critical flaw in WooCommerce Payments plugin allows site takeoverCritical flaw in WooCommerce Payments plugin allows site takeover

Critical flaw in WooCommerce Payments plugin allows site takeover

A patch for a critical vulnerability in the WooCommerce Payments plugin for WordPress has been released for over 500,000 websites.…

2 years ago
AdSense fraud campaign relies on 10,890 sites that were infected since September 2022AdSense fraud campaign relies on 10,890 sites that were infected since September 2022

AdSense fraud campaign relies on 10,890 sites that were infected since September 2022

The threat actors behind a massive AdSense fraud campaign infected 10,890 WordPress sites since September 2022. In November 2022, researchers from…

2 years ago
Experts warn of attacks exploiting WordPress gift card pluginExperts warn of attacks exploiting WordPress gift card plugin

Experts warn of attacks exploiting WordPress gift card plugin

Threat actors are actively exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium WordPress plugin installed by over…

2 years ago
Massive Black hat SEO campaign used +15K WordPress sitesMassive Black hat SEO campaign used +15K WordPress sites

Massive Black hat SEO campaign used +15K WordPress sites

Experts warn of a malicious SEO campaign that has compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals.…

3 years ago
Threat actors are actively exploiting a zero-day in WPGateway WordPress pluginThreat actors are actively exploiting a zero-day in WPGateway WordPress plugin

Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin

Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat…

3 years ago
A study on malicious plugins in WordPress MarketplacesA study on malicious plugins in WordPress Marketplaces

A study on malicious plugins in WordPress Marketplaces

A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites.…

3 years ago
Show more Posts
Show previous Posts