Tag: wordpress
-
New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages
SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data. First seen on hackread.com Jump to article: hackread.com/phishwp-plugin-russian-hacker-forum-phishing-sites/
-
WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps
A WordPress plugin known as PhishWP has been discovered on Russian cybercrime forums and is being exploited by cybercriminals to steal sensitive data from unsuspecting users. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/wordpress-plugin-exploited-to-turn-legitimate-sites-into-phishing-traps/
-
Meet PhishWP: The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps
One morning, you decide to make a purchase from a seemingly reputable online store. The website displays a familiar checkout interface resembling Stripe’s payment process. You enter your payment details, feeling confident in the website’s legitimacy: credit card number, expiration date, CVV, billing address. You even enter a one-time password (OTP) sent to your phone,…
-
WordPress Plugin Vulnerability Exposes 3 Million Websites to Injection Attacks
A critical vulnerability has been identified in the popular UpdraftPlus: WP Backup & Migration Plugin, potentially impacting over 3 million WordPress websites. This security flaw allows unauthenticated attackers to exploit a PHP Object Injection vulnerability through deserialization of untrusted input. The issue affects all versions of the plugin up to and including 1.24.11. A patch…
-
Premium WPLMS WordPress plugins address seven critical flaws
Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/premium-wplms-wordpress-plugins-address-seven-critical-flaws/
-
390,000 WordPress credentials compromised via phishing, GitHub repos
First seen on scworld.com Jump to article: www.scworld.com/news/390000-wordpress-credentials-compromised-via-phishing-github-repos
-
Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys
Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified… First seen on hackread.com Jump to article: hackread.com/hackers-fake-pocs-github-wordpress-credentials-aws-keys/
-
390,000 WordPress accounts stolen from hackers in supply chain attack
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/390-000-wordpress-accounts-stolen-from-hackers-in-supply-chain-attack/
-
Hacker Uses Info-Stealer Against Security Pros, Other Bad Actors
An unknown hacker called MUT-1244 used information-stealing malware to not only grab sensitive data from cybersecurity professionals but also to steal WordPress credentials from other bad actors who had bought them on the dark web. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/hacker-uses-info-stealer-against-security-pros-other-bad-actors/
-
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog…
-
Critical WordPress plugin vulnerability under active exploit threatens thousands
Vulnerability with severity rating of 9.8 out of possible 10 still live on >8,000 sites. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/12/thousands-of-sites-remain-unpatched-against-actively-exploited-wordpress-plugin-bug/
-
Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites
Two vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins allow attackers to backdoor websites. The post Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hunk-companion-wp-query-console-vulnerabilities-chained-to-hack-wordpress-sites/
-
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. “This flaw poses a…
-
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunk-companion-wordpress-plugin-exploited-to-install-vulnerable-plugins/
-
WPForms bug allows Stripe refunds on millions of WordPress sites
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wpforms-bug-allows-stripe-refunds-on-millions-of-wordpress-sites/
-
CVE-2024-11205: WPForms Plugin Vulnerability Exposes 6 Million WordPress Sites to Financial Risk
A critical vulnerability, identified as CVE-2024-11205, was discovered in the WPForms plugin, a popular WordPress form builder used by over 6 million active websites. This vulnerability, which has been assigned a high CVSS score of 8.5, targets businesses relying on WPForms for payment processing and subscription management, especially those using Stripe integration. First seen on…
-
WPForms plug-in tears a security hole in 6 million websites
In the WordPress plug-in WPForms, attackers can abuse a flaw to, for example, reverse payments. Six million websites use the plug-in. First seen on heise.de Jump to article: www.heise.de/news/Wordpress-WPForms-Plug-in-reisst-Sicherheitsleck-in-6-Millionen-Webseiten-10193387.html
-
More than 200,000 sites affected: This WordPress plugin has critical security flaws
First seen on t3n.de Jump to article: t3n.de/news/20000-seiten-wordpress-sicherheitsgefahrt-1660835/
-
Security risk for WordPress: Popular AntiPlugin turns out to be a gateway for hackers
First seen on t3n.de Jump to article: t3n.de/news/wordpress-gefahrt-plugin-anti-spam-cleantalk-1660835/
-
WordPress websites targeted by a new FakeUpdates campaign
FakeUpdates, also known as SocGholish, has been active since at least 2017 and uses JavaScript malware to attack websites, in particular those… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wordpress-websites-im-visier-einer-neuen-fakeupdates-kampagne/a36764/
-
Hackers gain full website access: Popular WordPress plugin has dangerous vulnerabilities
First seen on t3n.de Jump to article: t3n.de/news/hacker-wordpress-plugin-schwachstelle-1660835/
-
Security flaw in WordPress: Millions of websites affected
Security researchers have found a new security flaw in a WordPress plugin and published their findings. Now hackers are looking for… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/sicherheitslucke-bei-wordpress-millionen-webseiten-betroffen
-
WordPress plug-in logs passwords in plaintext
The All-In-One Security (AIOS) WordPress plug-in is used on more than one million websites. It now turns out that the plug-in user passw… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/wordpress-plug-in-loggt-passworter-im-klartext
-
WordPress host Kinsta plagued by phishing ads
The WordPress hosting provider Kinsta is warning its customers about Google ads that promote phishing sites through which login credentials for MyKinsta are sto… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/wordpress-hoster-kinsta-von-phishing-anzeigen-geplagt
-
Security flaw in WordPress plugin threatens more than 300,000 websites
The WordPress plugin Forminator, which is found on over 500,000 websites, has a vulnerability that allows attackers unrestricted file… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/sicherheitslucke-in-wordpress-plugin-bedroht-mehr-als-300-000-webseiten
-
WordPress to increase security starting in October
WordPress is set to become more secure. Starting in October, plug-in and theme authors will therefore need two-factor authentication (2FA) and the use of Subv… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/wordpress-erhoht-ab-oktober-die-sicherheit
-
Widespread WordPress compromise possible with critical plugin flaws
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-wordpress-compromise-possible-with-critical-plugin-flaws

