Hidden malware strikes WordPress mu-plugins. Our latest findings reveal how to safeguard your site against these threats.
Dive into our investigation of WordPress malware and find out how mu-plugins are used to hide backdoor threats.
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
WordPress plugins are under active attack, a new banking trojan is spreading, and phishing and brute-force attacks continue unabated.
There is a critical vulnerability in the LiteSpeed Cache plugin - Unauth Account Takeover in < 6.5.0.1 affecting 5+ millions of sites.
Pidgin is a universal chat client, allowing you to consolidate all your different messaging apps into a single tool.
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts.
#Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress
Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.
#Actively #Calendar #Computer #Events #Exploited #File #InfoSec #Modern #Plugin #Security #Upload #Vulnerability #WordPress
Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts.
#attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
The WordPress Shortcode Addons plugin version 3.2.5 and below is prone to an unauthenticated function injection vulnerability.
Attackers could exploit a high-severity cross-site Scripting (XSS) vulnerability in the WP-Members Membership WordPress plugin to inject arbitrary scripts into web pages, according to an advisory from security firm Defiant.
Over 7,100 WordPress sites have been hit by the 'Balada Injector' malware, which exploits sites using a vulnerable version of the Popup Builder plugin
Discover the latest waves of the ongoing Balada Injector malware campaign targeting unpatched tagDiv premium WordPress themes. Dive into the technical details of the injected scripts, explore their functionality, and understand the potential threats they pose to site administrators.
AIOS bills itself as an "all-in-one" security solution. A just-fixed bug undermined that.
Gravity Forms, a popular WordPress plugin, has been found vulnerable to
unauthenticated PHP Object Injection attacks.
The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version 2.10.2, offers unauthenticated attackers the ability to add malicious JavaScript to a website, potentially allowing ...Read More
Plugins can return malicious content and hijack your AI.
The time for attackers to respond to known vulnerabilities is shrinking. See an example of an attacker using sample code.
The Akamai Security Intelligence Group (SIG) has been analyzing attack attempt activity following the announcement of a critical vulnerability in a WordPress custom fields plug-in affecting more than 2 million sites.
Exploiting this vulnerability could lead to a reflected cross-site scripting (XSS) attack, in which malicious code is injected into a victim site and pushed to its visitors.
On May 4, 2023, the WP Engine team announced the security fix in version 6.1.6, including sample exploit code as a proof of concept (PoC).
Starting on May 6, less than 48 hours after the announcement, the SIG observed significant attack attempt activity, scanning for vulnerable sites using the sample code provided in the technical write-up.
This highlights that the response time for attackers is rapidly decreasing, increasing the need for vigorous and prompt patch management.
Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Advanced Custom Fields PRO Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 6.1.6.
