In an attempt to inject malicious JavaScript into WordPress plugins and themes that are outdated, a previously detected Linux malware that is unknown has been found exploiting 30 vulnerabilities. The targeted website is injected with malicious JavaScript code if any outdated versions of the vulnerable add-ons are used on the site, as they lack crucial […]
Researchers at Zimperium zLabs recently identified a new Chrome browser botnet called ‘Cloud9’ that is intent on stealing the following information using malicious extensions:- Online accounts credentials Log keystrokes Inject ads Inject malicious JS code Enroll the victim’s browser in DDoS attacks This method is becoming increasingly attractive for malware developers to target web browsers […]
A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, […]
A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. “This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information,” it said. BackupBuddy allows users to back up their entire WordPress installation from within the […]
Hackers are reportedly targeting WordPress sites that use an unknown security version of the Tatsu no-code website builder plugin. As part of a massive attack attacking a vulnerability in the Tatsu Creator plugin, a vast number of WordPress websites could be compromised. The vulnerability, identified as CVE-2021-25094, also known as the CVSS score of 8.1, […]
Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites. Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March […]
A report specialized in WordPress security points to a 150% increase in reported flaws during 2021 compared to the previous year, in addition to establishing that almost 30% of the vulnerabilities detected in plugins for WordPress do not receive updates. Since this is the most widely used content management system (CMS) in the world, this […]
Patches have been issued to contain a “severe” security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site’s private data using an account on the vulnerable sites. “All versions of UpdraftPlus from March 2019 onwards have contained a vulnerability caused by a missing permissions-level check, […]
The developers of the popular UpdraftPlus plugin announced a series of updates to address a vulnerability that would allow any user who has logged into a WordPress website with this plugin to download the backups available on the systems, which could potentially lead to the leakage of sensitive information. Wordfence researchers published a proof of […]
Cybersecurity specialists report the detection of a critical vulnerability in Popular Posts, a plugin for the content management system (CMS) WordPress. According to the report, the successful exploitation of this flaw would allow threat actors to deploy multiple risk scenarios. Tracked as CVE-2021-42362, this flaw exists due to improper file validation during upload to ~/src/Image.php, […]
The vulnerability existed in the WP Reset PRO WordPress plugin which is used by more than 400,000 websites. The IT security researchers at Patchstack (previously known as WebARX) have discovered a high severity security vulnerability in the WP Reset PRO WordPress plugin that allows ‘authenticated’ users to wipe data from vulnerable websites. According to their […]
Cybersecurity specialists notified WordPress of the detection of two vulnerabilities in the popular Ninja Forms plugin. According to the report, successful exploitation of the flaws could allow malicious hackers to extract sensitive information and send phishing emails from compromised websites. The report, presented by Wordfence, mentions that the flaw in this plugin with more than […]
Cybersecurity specialists report the detection of a cross-site scripting (XSS) vulnerability in SEOPress, a popular WordPress plugin for search engine optimization (SEO), allowing webmasters to manage SEO metadata, social media cards, Google Ads settings and other useful features. Currently this plugin has more than 100 thousand active installations, so this report should be taken seriously. […]
Cybersecurity specialists report the discovery of a critical vulnerability in Less.js, a widely used preprocessor language. According to the report, the flaw could be exploited by threat actors to deploy remote code execution attacks. Researchers report that Less.js is transpiles into valid CSS code and used for CSS writing of websites. In addition, the Less.js […]
A set of security flaws in ProfilePress, a popular WordPress plugin would allow threat actors to deploy remote code execution attacks. According to Wordfence experts, a total of four security flaws were detected that received a score of 9.8/10 on the Common Vulnerability Scoring System (CVSS) scale and their successful exploitation would allow hackers to […]
Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that’s being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence’s threat intelligence team, which discovered the flaw, said it reported the issue to the plugin’s developer […]
Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached […]
Are you running a WordPress website? If yes, then you must learn about the fact that there is several WordPress vulnerability. Moreover, black hat hackers are always waiting to get access to your site by taking advantage of such exposures. Hence, you must determine the ways to this problem. Furthermore, there are several harmful activities […]
Again, new reports of security flaws that could affect the millions of WordPress users, the most popular content management system (CMS), have appeared. According to web application security specialists, the presence of a critical vulnerability has been detected in Jetpack, one of the most widely used WordPress plugins. Jetpack has free security, performance, and website […]
WordPress is probably the most popular content management system (CMS) today, so it’s no wonder it’s also the subject of multiple cybersecurity threats. According to cybersecurity experts, the most serious of these threats is a criminal campaign deployed by a group identified as WP-VCD, from which most hacking incidents against WordPress sites stem. A report […]
IDA PRO Auto-Renaming Plugin With Tagging Support Features 1. Auto-renaming dummy-named functions, which have one API call or jump to the imported API Before After 2. Assigning TAGS to functions accordingly to called API-indicators inside Sets tags as repeatable function comments and displays TAG tree in the separate view Some screenshots of TAGS view: […]