Tag: wordpress
-
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution.The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in…
-
200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability
A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which is installed on over 200,000 websites. The vulnerability, which includes two distinct flaws (CVE-2024-10542 and CVE-2024-10781), could allow attackers to install and activate arbitrary plugins on affected websites, potentially leading to remote code execution and full site compromise. Website owners…
-
Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites
Two vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin allowed attackers to execute arbitrary code remotely. The post Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-vulnerabilities-found-in-anti-spam-plugin-used-by-200000-wordpress-sites/
-
WordPress-Plug-in Anti-Spam by Cleantalk gefährdet 200.000 Seiten
Im WordPress-Plug-in Anti-Spam by Cleantalk klaffen gleich zwei Sicherheitslücken, durch die nicht authentifizierte Angreifern Instanzen kompromittieren können. First seen on heise.de Jump to article: www.heise.de/news/Wordpress-Plug-in-Anti-Spam-by-Cleantalk-gefaehrdet-200-000-Seiten-10175993.html
-
WordPress forces user conf organizers to share social media credentials, arousing suspicions
First seen on theregister.com Jump to article: www.theregister.com/2024/10/28/wordcamp_password_sharing_requirement/
-
WordPress Plug-In Vulnerability Threatens 4 Million Sites
Critical Authentication Flaw Impacts Both Free and Pro Users. A widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/wordpress-plug-in-vulnerability-threatens-4-million-sites-a-26843
-
Smashing Security podcast #389: WordPress vs WP Engine, and the Internet Archive is down
WordPress’s emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance…. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-389/
-
Millions of WordPress sites potentially hijackable due to critical plugin bug
Tags: wordpressFirst seen on scworld.com Jump to article: www.scworld.com/brief/millions-of-wordpress-sites-potentially-hijackable-due-to-critical-plugin-bug
-
WordPress Plugin Vulnerability Threatens 4 Million Sites
Critical Authentication Flaw Impacts Both Free and Pro Users. A widely deployed five-in-one security plugin for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plugin. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/wordpress-plugin-vulnerability-threatens-4-million-sites-a-26843
-
Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover
A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on an affected website, including the administrator, when 2FA is enabled. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/critical-wordpress-plugin-flaw-4m-sites-takeover
-
Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites
A Really Simple Security plugin flaw affects 4M+ sites, allowing attackers full admin access. It’s one of the most critical WordPress vulnerabilities ever. Wordfence researchers warn of a vulnerability, tracked as CVE-2024-10924 (CVSS Score of 9.8), in the Really Simple Security plugin that affects 4M+ sites. The Really Simple Security plugin, formerly Really Simple SSL, is…
-
Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site.The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The…
-
Security plugin flaw in millions of WordPress sites gives admin access
A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin ‘Really Simple Security’ (formerly ‘Really Simple SSL’), including both free and Pro versions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/security-plugin-flaw-in-millions-of-wordpress-sites-gives-admin-access/
-
WordPress-Plug-in Really Simple Security gefährdet 4 Millionen Websites
Tags: wordpressRund vier Millionen WordPress-Seiten nutzen das Plug-in Really Simple Security. Angreifer aus dem Netz können sie kompromittieren. First seen on heise.de Jump to article: www.heise.de/news/Wordpress-Plug-in-Really-Simple-Security-gefaehrdet-4-Millionen-Websites-10038111.html
-
Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover
Over 4 million WordPress websites were impacted by a critical Really Simple Security plugin vulnerability providing full administrative access. The post Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-plugin-flaw-exposed-4-million-wordpress-websites-to-takeover/
-
RCE intrusions likely with critical WPLMS WordPress theme issue
First seen on scworld.com Jump to article: www.scworld.com/brief/rce-intrusions-likely-with-critical-wplms-wordpress-theme-issue
-
LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites
A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to eleva… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/litespeed-cache-plugin-vulnerability.html
-
Video: Top Cybersecurity Threats That You Need to Fix
Stay informed about critical security issues. We cover a WordPress vulnerability, the need to update Chrome, and more. Protect your online presence, watch now. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/video/top-security-threats-2024/
-
Cyble Warns of Escalating Cyber Risks in IoT and WordPress Plugins Amid Phishing Surge
In the latest edition of Cyble’s weekly sensor intelligence report, cybersecurity experts revealed a concerning surge in attacks targeting the LightSp… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cybles-sensor-intelligence-report/
-
Serious WordPress compromise likely with LiteSpeed Cache plugin bug
Tags: wordpressFirst seen on scworld.com Jump to article: www.scworld.com/brief/serious-wordpress-compromise-likely-with-litespeed-cache-plugin-bug
-
LiteSpeed Cache WordPress plugin bug lets hackers get admin access
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/litespeed-cache-wordpress-plugin-bug-lets-hackers-get-admin-access/
-
Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers
GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware… First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/swarms-fake-wordpress-plug-ins-infect-sites-infostealers
-
ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites
Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins. These plugins, … First seen on gbhackers.com Jump to article: gbhackers.com/clickfix-malware-hacked-wordpress/
-
Infostealer-injecting plugins compromise thousands of WordPress sites
Tags: wordpressFirst seen on scworld.com Jump to article: www.scworld.com/brief/infostealer-injecting-plugins-compromise-thousands-of-wordpress-sites
-
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/wordpress-plugin-jetpack-patches-major.html
-
WP Engine Accuses WordPress of ‘Forcibly’ Taking Over Its Plug-in
Tags: wordpressFirst seen on darkreading.com Jump to article: www.darkreading.com/application-security/wp-engine-accuses-wordpress-forcibily-taking-over-plug-in
-
Over 6,000 WordPress hacked to install plugins pushing infostealers
Tags: wordpressFirst seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-6-000-wordpress-hacked-to-install-plugins-pushing-infostealers/
-
Funktion Vary Group im Litespeed-Plugin – WordPress-Plugin gefährdet sechs Millionen Seiten
First seen on security-insider.de Jump to article: www.security-insider.de/update-wordpress-plugin-litespeed-cache-sicherheitsluecke-a-bc5157b73d6478fe58d3a1a4b8c35a06/
-
Jetpack Patches Critical Bug That Exposed Data On 27 Million WordPress Sites
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36478/Jetpack-Patches-Critical-Bug-That-Exposed-Data-On-27-Million-WordPress-Sites.html