Tag: wordpress
-
LiteSpeed Cache WordPress plugin actively exploited in the wild
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites. WPScan researchers repo… First seen on securityaffairs.com Jump to article: securityaffairs.com/162876/hacking/litespeed-cache-wordpress-pluging-bug.html
-
WordPress sites targeted for hijacking with LiteSpeed Cache plugin flaw
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/wordpress-sites-targeted-for-hijacking-with-litespeed-cache-plugin-flaw
-
Hackers exploit LiteSpeed Cache flaw to create WordPress admins
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of t… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-litespeed-cache-flaw-to-create-wordpress-admins/
-
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Threat actors are attempting to actively exploit a critical security flaw in the WP‘Automatic plugin for WordPress that could allow site takeovers.The… First seen on thehackernews.com Jump to article: thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html
-
Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites?
A highly concerning security loophole was recently discovered in a WordPress plugin called Email Subscribers by Icegram Express, a popular tool utiliz… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/tracking-cve-2024-2876-why-does-the-latest-wordpress-exploit-compromise-over-90000-websites/
-
Mal.Metrica Malware Hijacks 17,000+ WordPress Sites
Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past… First seen on gbhackers.com Jump to article: gbhackers.com/malmetrica-malware-hijacks-wordpress-sites/
-
Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield CommandControl Server
The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal. The post Wpeeper Android trojan ceased operations… First seen on securityweek.com Jump to article: www.securityweek.com/wpeeper-android-trojan-uses-compromised-wordpress-sites-to-shield-command-and-control-server/
-
New Wpeeper Android malware hides behind hacked WordPress sites
A new Android backdoor malware named ‘Wpeeper’ has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular thir… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-wpeeper-android-malware-hides-behind-hacked-wordpress-sites/
-
Hackers Exploit WP-Automatic Plugin Vulnerability, Threatening WordPress Site Security
First seen on thecyberexpress.com Jump to article: thecyberexpress.com/wp-automatic-plugin-vulnerability/
-
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites. The post ability in the WordPre… First seen on securityweek.com Jump to article: www.securityweek.com/critical-wordpress-automatic-plugin-vulnerability-exploited-to-inject-backdoors/
-
Experts warn of an ongoing malware campaign targeting WP-Automatic plugin
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites WordPress security scan… First seen on securityaffairs.com Jump to article: securityaffairs.com/162364/hacking/wordpress-automatic-critical-flaw.html
-
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/
-
Hackers try to exploit WordPress vulnerability that’s as severe as it gets
First seen on arstechnica.com Jump to article: arstechnica.com/
-
A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites
Japan’s CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server. Japan’s CERT warned that… First seen on securityaffairs.com Jump to article: securityaffairs.com/162113/security/forminator-wordpress-plugin-flaws.html
-
Critical Forminator plugin flaw impacts over 300k WordPress sites
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads t… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-forminator-plugin-flaw-impacts-over-300k-wordpress-sites/
-
Schwere Sicherheitslücke in WordPress-Plugin Layerslider – SQL-Injection eröffnet Angreifer Zugang zu WordPress
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-layerslider-plugin-entdeckt-a-a2f1c11fa3a5fb78c1bd3639abea4a90/
-
5 Best CAPTCHA Plugins for WordPress Websites
Here’s an updated list of five effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot a… First seen on hackread.com Jump to article: www.hackread.com/5-best-captcha-plugins-for-wordpress-websites/
-
LayerSlider Plugin Flaw Exposes 1M Sites To SQL Injections
Recent media reports have revealed a crucial LayerSlider plugin flaw. According to these reports, this flaw has exposed numerous WordPress sites to SQ… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/layerslider-plugin-flaw-exposes-1m-sites-to-sql-injections/
-
The Essential Tools and Plugins for WordPress Development
First seen on hackread.com Jump to article: www.hackread.com/essential-wordpress-development-tools-plugins/
-
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as passw… First seen on thehackernews.com Jump to article: thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html
-
Thousands of WordPress sites injected with crypto drainers
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/thousands-of-wordpress-sites-injected-with-crypto-drainers
-
Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active in… First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/critical-security-flaw-wordpress-sql-injection
-
WordPress LayerSlide Plugin Bug Risks Password Hash Extraction
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/35744/WordPress-LayerSlide-Plugin-Bug-Risks-Password-Hash-Extraction.html
-
Kritische Sicherheitslücke in WordPress-Plug-in Layerslider
First seen on heise.de Jump to article: www.heise.de/news/Kritische-Sicherheitsluecke-in-Wordpress-Plug-in-Layerslider-9673458.html
-
Hackers deploy crypto drainers on thousands of WordPress sites
Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-deploy-crypto-drainers-on-thousands-of-wordpress-sites/
-
WordPress LayerSlider plugin bug risks password hash extraction
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/wordpress-layerslider-plugin-bug-risks-password-hash-extraction
-
XSS flaw in WordPress WP-Members Plugin can lead to script injection
A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defi… First seen on securityaffairs.com Jump to article: securityaffairs.com/161407/hacking/wordpress-wp-members-plugin-xss.html
-
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prio… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-flaw-in-layerslider-wordpress-plugin-impacts-1-million-sites/
-
Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites
A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post al SQL injectio… First seen on securityweek.com Jump to article: www.securityweek.com/critical-vulnerability-found-in-layerslider-plugin-installed-on-a-million-wordpress-sites/
-
Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects
A massive malware campaign dubbed;Sign1;has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to r… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/massive-sign1-campaign-infects-39000.html