Browsing tag

Wordpress

Buggy Malware Attack on WordPress Websites by Exploiting Newly Discovered Theme & Plugin Vulnerabilities

Researchers discovered an ongoing buggy malware campaign that attempts to exploit newly discovered vulnerabilities in WordPress themes and plugins. Cybercriminals are always keen to develop exploits soon after new vulnerabilities are found, particularly in sites running on WordPress. Attackers are cleverly changing to new domains every week by slightly […]

XSRF vulnerability in phpMyAdmin; there is no patch to fix this flaw so far

Vulnerability testing specialists have reported the presence of an unpatched zero-day vulnerability in the software of phpMyAdmin, one of the world’s most widely used MySQL and MariaDB database management applications. In addition to reporting the vulnerability, the experts published some details of the proof-of-concept for its exploitation. As mentioned before, phpMyAdmin is a free and […]

7 Tips to Increase Your WordPress Security

Do you have a WordPress website? Here are some quick and easy tips to increase your WordPress security and keep your site safe. Did you know that more than 25% of websites on the internet are powered by WordPress? Whether your WordPress website was created for business or pleasure, keeping its content safe from hackers is crucial […]

New Malware Attack Targeting 60 Million WordPress Websites to add Backdoor & Exploit Plugins Vulnerability

Researchers discovered an ongoing malvertising campaign targeting millions of WordPress websites to infect them with a backdoor and exploit various WordPress plugin vulnerabilities. According to WordPress, nearly 60 million websites are powered by the WordPress content management system, and hundreds of WordPress plugins, written by various developers around the globe, are installed. Cybercriminals launch the […]

Ad Inserter, a WordPress plugin, allows remote code execution

Experts in vulnerability testing discovered a critical flaw in Ad Inserter, a plugin for advertising management on WordPress sites. If exploited, this flaw would allow any low-privileged user to execute code on the compromised web server. After the presence of this flaw was verified, multiple members of the cybersecurity community recommended that system administrators using […]

Critical vulnerability in WooCommerce, WordPress plugin

Cybersecurity specialists recommend e-commerce WordPress websites using the WooCommerce plugin to remain alert due to the presence of a critical vulnerability that, if exploited, could allow hackers to take control of trade movements on a compromised website. Plugin Vulnerabilities, a company dedicated to the security of sites in WordPress, was in charge of revealing the […]

Critical vulnerabilities in Social Warfare, a plugin for WordPress sites

Cyber forensics course specialists report an active campaign to exploit two critical vulnerabilities in Social Warfare, one of the most used social media plugins, to take control of WordPress websites that use a non-updated version of this plugin. Social Warfare is a plugin widely used by WordPress site administrators and has been downloaded almost […]

Hackers conducting botnet attacks through 20k hacked WordPress sites

Newly published research from Defiant, a WordPress security firm, reveals that there is a botnet hunting for WordPress sites using over 20,000 already compromised WordPress sites. As new sites are infected, they automatically become part of the bot army and start acting on the directions of the attackers to perform tasks like brute […]

Combination of bugs in WordPress and WooCommerce allows website hijacking

A flaw in how WordPress handles privileges can be exploited to take control of a domain. A flaw in the WordPress process to manage user privilege assignments can be exploited to allow a malicious actor to hijack WooCommerce websites, as reported by specialists in digital forensics from the International Institute of Cyber Security. The security problem […]

WPScan v3.3.1 – Black Box WordPress Vulnerability Scanner

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby >= 2.2.2 – Recommended: 2.3.3 Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault RubyGems – Recommended: latest From RubyGems: gem install […]

Spambot attacks WordPress pages

Researchers specializing in enterprise data protection services claim to have discovered a new spam comments campaign taking advantage of the FIFA World Cup's popularity to deceive people into clicking on links that lead them to gambling sites of dubious reputation. The campaign, which mainly targets WordPress pages, is launched by a botnet and implemented in the form of […]

A New WordPress Malware called “wp-vcd” Distributes Via Pirated Themes

Denis Sinegubko (a security researcher from Sucuri) has discovered a new wave of the known malware wp-vcd that injects malicious WordPress admin users into vulnerable or hacked websites. The researcher said that the wp-vcd malware is preinstalled inside pirated WordPress premium themes published for free download on some websites. He noticed that the malicious […]

Why WordPress security is important?

A hacked website (WordPress, etc.) can cause critical damage to your business revenue and reputation. Black hat hackers can steal user data, passwords, and emails, install a malicious application (such as cryptocurrency miners), and can even spread malware to your users. Similar to how it’s the store owner’s responsibility to secure their physical store building, as […]

WordPress releases the version 4.8.3 to address a serious SQL Injection vulnerability

WordPress developers fixed a serious SQL injection vulnerability on Tuesday with the release of version 4.8.3. Apply it as soon as possible. WordPress developers fixed a serious SQL injection vulnerability that was reported by the researcher Anthony Ferrara, VP of engineering at Lingo Live. The issue was addressed on Tuesday with the release of version 4.8.3. The vulnerability can be […]

Disqus Hacked and More Than 17.5 Million User Data Is Stolen

Another day, another data breach disclosure: Disqus, the popular comment system, was hacked. This time the popular comment system has suffered a major security breach. Disqus, the company that provides a web comment plugin for websites and blogs, admitted that it was breached five years ago in July 2012 and hackers stole data […]

REFLECTED XSS BUG PATCHED IN POPULAR WOOCOMMERCE WORDPRESS PLUGIN

An extension of the WooCommerce WordPress plugin, used by 28 percent of all online stores, has been patched against a reflected cross-site scripting vulnerability. The vulnerability was found in the Product Vendors plugin, which allows an existing ecommerce site to support multiple vendors, products and payment options. Versions 2.0.35 and earlier are affected by this […]

SQL Injection Vulnerability Found In WordPress Plugin Used By 300,000+ Sites

An SQL injection vulnerability was found in a WordPress plugin. WP Statistics is one of the most popular WordPress plugins, installed on 300,000 websites. The plugin makes it possible for administrators to monitor the statistics of the WordPress site without relying on external services, and uses aggregated data whenever possible to respect the privacy of […]

Latest Joomla Security Update Patches Critical SQL Injection Attack

Joomla Security Update 3.7.1 is now available. This is a security release for the 3.x series of Joomla! which addresses one critical security flaw and several bug fixes. Joomla is a free and open-source content management system (CMS) for publishing web content. It is built on a model–view–controller web application framework […]