Web security firm Sucuri warned that the Balada Injector threat group recently exploited WordPress plugins associated with the Newspaper and Newsmag themes. Users have purchased the premium WordPress …
200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin
Over 200,000 WordPress sites are vulnerable to ongoing attacks targeting the Ultimate Member Plugin. The service allows users to easily add profiles, define roles, and create member directories. …
Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability
The WooCommerce Stripe Payment Gateway plugin has a critical flaw that could expose hundreds of thousands of online stores. Called CVE-2023-34000, the vulnerability is an unauthenticated insecure …
WordPress Updates More Than a Million Sites to Fix Critical Ninja Forms Vulnerability
Content Management system (CMS) provider WordPress has updated over one million sites in order to patch a critical vulnerability that affects a popular plugin known as Ninja Forms. Wordfence threat …
Elementor Fixes Critical Bug in Popular WordPress Plugin
Elementor, a popular WordPress plugin, has received a critical update that patches a vulnerability that could be leveraged by attackers to change the appearance of websites. Elementor functions as a …
Continue Reading about Elementor Fixes Critical Bug in Popular WordPress Plugin
Vulnerability found in WordPress plugin with over 3 million installations
Cybersecurity researchers at Wordfence have warned that a vulnerability in a WordPress plugin has been detected. The plugin reportedly boasts over 3 million installations, and the vulnerability was …
Continue Reading about Vulnerability found in WordPress plugin with over 3 million installations
WordPress Plugin Bug Lets Subscribers Wipe Sites
A new flaw has been discovered in a popular WordPress plugin called Hashthemes Demo Importer. The vulnerability allows any authenticated user to wipe a vulnerable WordPress site completely clean, …
Continue Reading about WordPress Plugin Bug Lets Subscribers Wipe Sites
Critical Zero-Day in WordPress Plugin Under Active Attack
Security researchers have warned that a new critical zero-day vulnerability in a WordPress plugin has been found to be actively exploited in the wild. The plugin, called the Fancy Product Designer, is …
Continue Reading about Critical Zero-Day in WordPress Plugin Under Active Attack
Severe Flaws in Official ‘Facebook for WordPress’ Plugin
Security researchers have discovered critical vulnerabilities in the official Facebook for WordPress plugin, finding that they can be abused to upload arbitrary files which would likely lead to remote …
Continue Reading about Severe Flaws in Official ‘Facebook for WordPress’ Plugin
Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws
Attackers are currently targeting WordPress users who have not implemented patches to their plugins. Thrive Themes, a company that offers various products connected to WordPress, recently released …
Continue Reading about Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws