Wordpress Archives - Page 5 of 16

Pierluigi Paganini January 24, 2022

Tens of AccessPress WordPress themes compromised as part of a supply chain attack

Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a classic supply chain attack, threat actors planted a backdoor in dozens of WordPress plugins and themes hosted on a developer’s website. The attack took place in the first half of September 2021, the attackers compromised […]

Pierluigi Paganini January 17, 2022

High-Severity flaw in 3 WordPress plugins impacts 84,000 websites

Researchers discovered a high-severity vulnerability in three different WordPress plugins that impact over 84,000 websites. Researchers from WordPress security company Wordfence discovered a high-severity vulnerability that affects three different WordPress plugins that impact over 84,000 websites. The vulnerability tracked as CVE-2022-0215 is a cross-site request forgery (CSRF) issue that received a CVSS score of 8.8. […]

Pierluigi Paganini December 09, 2021

Crooks injects e-skimmers in random WordPress plugins of e-stores

Threat actors are injecting credit card swipers into random plugins of e-commerce WordPress sites, Sucuri researchers warn. Sucuri researchers are warning of threat actors injecting credit card swipers into random plugins of e-commerce WordPress sites. The holidays season is the period when online scammers and threat actors intensify their operations. Sucuri researchers have spotted a […]

Pierluigi Paganini November 10, 2021

A flaw in WP Reset PRO WordPress plugin allows wiping the installation DB

A critical vulnerability in the WP Reset PRO WordPress plugin can allow an authenticated user to wipe the entire database of WordPress sites. Researchers from cybersecurity form Packstack have discovered a critical vulnerability in the WP Reset PRO WordPress plugin that could be exploited by an authenticated user to completely wipe the database of a […]

Pierluigi Paganini September 17, 2021

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. The malware spread through attacks exploiting known vulnerabilities (i.e. CVE-2020-14882 […]

Pierluigi Paganini May 20, 2021

Blind SQL Injection flaw in WP Statistics impacted 600K+ sites

Experts discovered a Time-Based Blind SQL Injection vulnerability in the WP Statistics plugin which is installed on over 600,000 WordPress sites. Researchers from the Wordfence Threat Intelligence discovered a Time-Based Blind SQL Injection vulnerability in WP Statistics, which is a WordPress plugin with over 600,000 active installs. The plugin was developed by VeronaLabs, it provides complete […]

Pierluigi Paganini May 09, 2021

SQL injection issue in Anti-Spam WordPress Plugin exposes User Data

‘Spam protection, AntiSpam, FireWall by CleanTalk’ anti-spam WordPress plugin could expose user sensitive data to an unauthenticated attacker. A Time-Based Blind SQL Injection in ‘Spam protection, AntiSpam, FireWall by CleanTalk’ WordPress plugin, tracked as CVE-2021-24295, could be exploited by an unauthenticated attacker to access user data. The flaw could be exploited by an attack to […]

Pierluigi Paganini April 09, 2021

Zerodium will pay $300K for WordPress RCE exploits

Zero-day broker Zerodium announced that will triples payouts for remote code execution exploits for the popular WordPress content management system. Zero-day broker Zerodium has tripled the payouts for exploits for the WordPress content management system that could be used to achieve remote code execution. Zerodium announced via Twitter that is temporarily offering a $300,000 payout […]

Pierluigi Paganini March 30, 2021

Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites

Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites. On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress Search Plugin installed on over 60,000 sites. This security vulnerability could be exploited by an attacker to perform malicious actions […]

Pierluigi Paganini February 09, 2021

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

The development team behind the NextGen Gallery plugin has addressed two severe CSRF vulnerabilities that could have allowed site takeover. The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF) vulnerabilities, their exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. The NextGEN […]

Wordpress

Tens of AccessPress WordPress themes compromised as part of a supply chain attack

High-Severity flaw in 3 WordPress plugins impacts 84,000 websites

Crooks injects e-skimmers in random WordPress plugins of e-stores

A flaw in WP Reset PRO WordPress plugin allows wiping the installation DB

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Blind SQL Injection flaw in WP Statistics impacted 600K+ sites

SQL injection issue in Anti-Spam WordPress Plugin exposes User Data

Zerodium will pay $300K for WordPress RCE exploits

Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

DraftKings thwarts credential stuffing attack, but urges password reset and MFA

Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

QUICK LINKS

Wordpress

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!