Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!

Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22. “Improved code security enforcement in WooCommerce […]

WooCommerce’s serious vulnerability allows unauthorized WordPress website takeover

A serious flaw has been found in WooCommerce, a popular plug-in for managing online businesses built on the WordPress platform. This flaw might enable cybercriminals to take control of websites. The WooCommerce team has provided fixes, but attackers are able to reverse-engineer the patch. Technical specifics concerning the vulnerability have not yet […]

Linux Malware Exploit Over 30 Vulnerabilities in WordPress Themes & Plugins

A previously unknown Linux malware has been found exploiting 30 vulnerabilities in outdated WordPress plugins and themes in an attempt to inject malicious JavaScript. The targeted website is injected with malicious JavaScript code if any outdated versions of the vulnerable add-ons are used on the site, as they lack crucial […]

WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. “If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts,” Russian security vendor Doctor Web said in a […]

WordPress Security Update 6.0.3 Patches 16 Vulnerabilities

This week, WordPress 6.0.3 began to be distributed. The most recent security update fixes 16 flaws. In addition to addressing open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection vulnerabilities, WordPress 6.0.3 now addresses nine stored and reflected cross-site scripting (XSS) vulnerabilities. Each vulnerability has been described by WordPress security firm Defiant. Four […]

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. “This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information,” it said. BackupBuddy allows users to back up their entire WordPress installation from within the […]

Large-Scale Attack Targeting Tatsu Builder WordPress Plugin

Hackers are reportedly targeting WordPress sites that use an unknown security version of the Tatsu no-code website builder plugin. As part of a massive attack targeting a vulnerability in the Tatsu Creator plugin, a vast number of WordPress websites could be compromised. The vulnerability, identified as CVE-2021-25094 with a CVSS score of 8.1, […]

Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin

Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites. Plugin Vulnerabilities, which disclosed the flaw last week, said the bug was introduced in version 3.6.0 that was released on March […]

Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites

Patches have been issued to contain a “severe” security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site’s private data using an account on the vulnerable sites. “All versions of UpdraftPlus from March 2019 onwards have contained a vulnerability caused by a missing permissions-level check, […]

Are you looking for the best WordPress Form Builder?

It’s undeniable that most organizations are launching their websites through WordPress. And that’s why it’s crucial to find a form builder that offers easy plugins for the said platform. Online form makers can help you in your objectives—whether you want to create a contact form to nurture your database or build more complicated web forms […]

1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses

As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed […]

GoDaddy Data Breach Exposes Over 1 Million WordPress Customers’ Data

Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange Commission (SEC), the world’s largest […]

Critical vulnerability in Popular Posts plugin allows uploading malicious file to hack WordPress websites

Cybersecurity specialists report the detection of a critical vulnerability in Popular Posts, a plugin for the content management system (CMS) WordPress. According to the report, the successful exploitation of this flaw would allow threat actors to deploy multiple risk scenarios. Tracked as CVE-2021-42362, this flaw exists due to improper file validation during upload to ~/src/Image.php, […]

Critical WordPress plugin vulnerability allowed wiping databases

The vulnerability existed in the WP Reset PRO WordPress plugin, which is used by more than 400,000 websites. The IT security researchers at Patchstack (previously known as WebARX) have discovered a high severity security vulnerability in the WP Reset PRO WordPress plugin that allows ‘authenticated’ users to wipe data from vulnerable websites. According to their […]

2 WordPress Ninja Forms plugins allow hacking millions of WordPress websites

Cybersecurity specialists notified WordPress of the detection of two vulnerabilities in the popular Ninja Forms plugin. According to the report, successful exploitation of the flaws could allow malicious hackers to extract sensitive information and send phishing emails from compromised websites. The report, presented by Wordfence, mentions that the flaw in this plugin with more than […]

5 WordPress Security Solutions with Free SSL Certificates

Security vulnerabilities are inevitable but one can avoid them by securing applications. In this article, we are listing 5 popular WordPress security solution providers who also offer free SSL certificates. Security plays a vital role in software application development. Today, we have many open source/proprietary software available on the internet to develop an application. Open-source […]

Critical vulnerability in SEOPress WordPress plugin allows hacking 100,000 WordPress websites

Cybersecurity specialists report the detection of a cross-site scripting (XSS) vulnerability in SEOPress, a popular WordPress plugin for search engine optimization (SEO), allowing webmasters to manage SEO metadata, social media cards, Google Ads settings and other useful features. Currently this plugin has more than 100 thousand active installations, so this report should be taken seriously. […]