Experts discovered a new e-skimmer employed in MageCart attacks against WordPress websites using the WooCommerce plugin. Experts from security firm Sucuri discovered a new e-skimmer software that is different from similar malware used in Magecart attacks. The new software skimmed was employed in attacks on the WordPress-based e-store using the WooCommerce plugin. The e-skimmer doesnât […]
A critical privilege escalation flaw in the WordPress SEO Plugin â Rank Math plugin can allow registered users to gain administrator privileges. Defiant’s Wordfence Threat Intelligence team discovered a critical privilege escalation vulnerability in the WordPress SEO Plugin â Rank Math plugin that could allow attackers to give administrator privileges to any registered user. Rank […]
Crooks behind the WordPress WP-VCD malware are distributing pirated versions of the Coronavirus plugins that inject a backdoor into websites. behind the WordPress WP-VCD malware are distributing pirated versions of the Coronavirus plugins that inject a backdoor into websites The malware was first spotted in July 2017 by the Italian security expert Manuel DâOrso who noticed that the malicious code was […]
Flaws in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups of 100K+ websites. The Popup Builder WordPress plugin is affected by security flaws that could be exploited by unauthenticated attackers to inject malicious JavaScript code into popups displayed on websites using it. More than 100,000 websites are […]
Threat actors are launching a hacking campaign aimed at taking over tens of thousands of WordPress sites by exploiting critical vulnerabilities. One of the issues exploited in the attacks is a zero-day vulnerability that affects several plugins and that could allow hackers to create admin accounts and take over the sites. Researchers at NinTechNet reported […]
A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions. According to […]
A serious flaw in the ThemeGrill Demo Importer WordPress theme plugin with over 200,000 active installs can be exploited to wipe sites and gain admin access to the site. Experts from the security firm WebARX have discovered a serious flaw in the WordPress theme plugin ThemeGrill Demo Importer with over 200,000 active installs. The vulnerability […]
Developers of the popular WordPress GDPR Cookie Consent plugin have addressed a critical bug that could potentially impact 700K users. Critical vulnerabilities in the WordPress GDPR Cookie Consent plugin could be exploited by potential attackers to delete and change the content of the sites and inject malicious JavaScript code due to improper access controls. The GDPR Cookie Consent plugin assists users […]
Over 200K WordPress sites are exposed to attacks due to a high severity cross-site request forgery (CSRF) bug in Code Snippets plugin. A high severity cross-site request forgery (CSRF) bug, tracked as CVE-2020-8417, in Code Snippets plugin could be exploited by attackers to take over WordPress sites running vulnerable versions of the Code Snippets plugin. The […]
WP Time Capsule and InfiniteWP WordPress plugins are affected by security flaws that could be exploited to take over websites running the popular CMS. Experts at security firm WebArx have ethically disclosed vulnerabilities in WP Time Capsule and InfiniteWP plugins, both were patched earlier this month by the developer Revmakx. The flaws in WP Time […]