Wordpress Archives - Page 4 of 16

Pierluigi Paganini August 21, 2022

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. DDoS Protection pages are associated with browser checks performed by WAF/CDN services which verify if the site visitor is a human or a bot. Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages […]

Pierluigi Paganini July 15, 2022

Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons

Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara Modern WPBakery Page Builder Addons. Threat actors are attempting to exploit an arbitrary file upload vulnerability tracked as CVE-2021-24284. The […]

Pierluigi Paganini June 19, 2022

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The analysis of the updates revealed that they patched a code injection vulnerability […]

Pierluigi Paganini May 12, 2022

Massive hacking campaign compromised thousands of WordPress websites

Researchers uncovered a massive hacking campaign that compromised thousands of WordPress websites to redirect visitors to scam sites. Cybersecurity researchers from Sucuri uncovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content. The infections automatically redirect site visitors to third-party websites containing malicious content […]

Pierluigi Paganini February 19, 2022

UpdraftPlus WordPress plugin update forced for million sites

WordPress forces the update of the UpdraftPlus plugin patch on 3 million sites to fix a high-severity vulnerability. WordPress has forced the update of the UpdraftPlus plugin around three million sites to address a high-severity vulnerability, tracked as CVE-2022-0633 (CVSS v3.1 score of 8.5) that can allow website subscribers to download the latest database backups, which could potentially […]

Pierluigi Paganini February 10, 2022

Critical RCE flaws in PHP Everywhere WordPress plugin affect thousands of sites

WordPress plugin PHP Everywhere is affected by three critical issues that can be exploited to execute arbitrary code on affected systems. Wordfence experts found three critical remote code execution vulnerabilities in the PHP Everywhere WordPress plugin, all the issues have received a CVSS score of 9.9. The plugin that allows WordPress admins to insert PHP code […]

Pierluigi Paganini February 01, 2022

RCE in WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites

A critical RCE in the popular WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites. Essential Addons for Elementor is a popular WordPress plugin used in over a million sites that provides easy-to-use and creative elements to improve the appearance of the pages. The plugin is affected by a critical remote code […]

Pierluigi Paganini January 24, 2022

Tens of AccessPress WordPress themes compromised as part of a supply chain attack

Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a classic supply chain attack, threat actors planted a backdoor in dozens of WordPress plugins and themes hosted on a developer’s website. The attack took place in the first half of September 2021, the attackers compromised […]

Pierluigi Paganini January 17, 2022

High-Severity flaw in 3 WordPress plugins impacts 84,000 websites

Researchers discovered a high-severity vulnerability in three different WordPress plugins that impact over 84,000 websites. Researchers from WordPress security company Wordfence discovered a high-severity vulnerability that affects three different WordPress plugins that impact over 84,000 websites. The vulnerability tracked as CVE-2022-0215 is a cross-site request forgery (CSRF) issue that received a CVSS score of 8.8. […]

Pierluigi Paganini December 09, 2021

Crooks injects e-skimmers in random WordPress plugins of e-stores

Threat actors are injecting credit card swipers into random plugins of e-commerce WordPress sites, Sucuri researchers warn. Sucuri researchers are warning of threat actors injecting credit card swipers into random plugins of e-commerce WordPress sites. The holidays season is the period when online scammers and threat actors intensify their operations. Sucuri researchers have spotted a […]

Wordpress

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Massive hacking campaign compromised thousands of WordPress websites

UpdraftPlus WordPress plugin update forced for million sites

Critical RCE flaws in PHP Everywhere WordPress plugin affect thousands of sites

RCE in WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites

Tens of AccessPress WordPress themes compromised as part of a supply chain attack

High-Severity flaw in 3 WordPress plugins impacts 84,000 websites

Crooks injects e-skimmers in random WordPress plugins of e-stores

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

China-linked group Houken hit French organizations using zero-days

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

Cisco removed the backdoor account from its Unified Communications Manager

QUICK LINKS

Wordpress

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!