Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials
ClickFix fake browser updates are being distributed by bogus WordPress plugins. Learn about the common indicators of compromise.
PHP Reinfector and Backdoor Malware Target WordPress Sites
Understand the threat of PHP reinfector malware on WordPress sites, compromising plugins like Imagify and using malicious admin users.
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan
WordPress plugins are under active attack, a new banking trojan is spreading, and phishing and brute-force attacks continue unabated.
Critical Account Takeover in LiteSpeed Cache Plugin
There is a critical vulnerability in the LiteSpeed Cache plugin - Unauth Account Takeover in 6.5.0.1 affecting 5+ millions of sites.
WordPress Websites Used to Distribute ClearFake Trojan Malware
Learn about the ClearFake Trojan malware distributed via WordPress sites, its tactics, and how to safeguard your online experience.
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. #Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress
Fake update puts visitors at risk
WordPress admins, take heed: A recent development in a malware downloader called "SocGholish" could place your visitors at risk from malware infections!
Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts. #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
Unauthenticated function injection vulnerability in WordPress Shortcode Addons plugin (unpatched). – NinTechNet
The WordPress Shortcode Addons plugin version 3.2.5 and below is prone to an unauthenticated function injection vulnerability.
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0. The issue has been addressed in version 7.10.1 released on March 27, 2024, following responsible disclosure on March 25. "This update includes important security fixes," the maintainers of LayerSlider said in their release notes. LayerSlider is a visual web content editor, a graphic design software, and a digital visual effects that allows users to create animations and rich content for their websites. According to its own site, the plugin is used by "millions of users worldwide."
Security Flaw in WP-Members Plugin Leads to Script Injection
Attackers could exploit a high-severity cross-site Scripting (XSS) vulnerability in the WP-Members Membership WordPress plugin to inject arbitrary scripts into web pages, according to an advisory from security firm Defiant.
Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Over 7,100 WordPress sites have been hit by the 'Balada Injector' malware, which exploits sites using a vulnerable version of the Popup Builder plugin