Tag: wordpress
-
Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website
A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm, has intensified its cyber operations through a campaign dubbed BadPilot. This multi-year initiative has targeted critical infrastructure worldwide, expanding the group’s reach beyond its traditional focus on Ukraine and Eastern Europe to include North America, Europe, and Asia-Pacific regions. Exploiting Vulnerabilities…
-
30,000 WordPress Sites Exposed to Exploitation via File Upload Vulnerability
A critical security vulnerability in the Security & Malware scan by CleanTalk
-
Hackers Exploiting Google Tag Managers to Steal Credit Card from eCommerce Sites
In a concerning development, cybercriminals are leveraging Google Tag Manager (GTM), a legitimate tool widely used by eCommerce websites, to deploy malicious scripts designed to steal credit card information. This attack vector, often referred to as Magecart or e-skimming, has been observed targeting platforms like Magento, WordPress, and OpenCart, among others. The abuse of GTM…
-
Campaign exploits outdated WordPress sites to spread password-stealing malware
First seen on scworld.com Jump to article: www.scworld.com/brief/campaign-exploits-outdated-wordpress-sites-to-spread-password-stealing-malware
-
WordPress ASE Plugin Vulnerability Threatens Site Security
Patchstack urges admins to patch new WordPress ASE plugin vulnerability that lets users restore previous admin privileges. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wordpress-ase-plugin-flaw/
-
Malicious WordPress plugin helps steal payment data
Cybersecurity experts at Slashnext recently presented their latest find from a Russian cybercrime forum in a blog post: the malicious WordPress plugin. The phishing plugin lets attackers harvest the payment data of online shoppers undetected, in real time and with considerable potential for damage. It can be used both on compromised websites of regular e-commerce companies and on […]…
-
Future-Proof Your WordPress Site: Essential Plugins for 2025
Tags: wordpress
The digital landscape is constantly growing and evolving. As such, some tips and tricks that worked for websites in 2023 might be obsolete in 2025. For any digital professional, remaining dedicated to top-quality practice that stands the test of time is just the start. This means staying ahead of the curve and leveraging the best…
-
WordPress Plugin Vulnerability Exposes 23k+ Websites to Hacking
Researchers from Patchstack have warned that over 23,000 real estate websites using the popular RealHomes WordPress theme and its bundled Easy Real Estate plugin are exposed to critical security vulnerabilities. These vulnerabilities allow unauthenticated attackers to escalate privileges, take over administrator accounts, and compromise websites. Let’s dive into the technical details of these vulnerabilities and…
-
Critical zero-days impact premium WordPress real estate plugins
The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-zero-days-impact-premium-wordpress-real-estate-plugins/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 29
Tags: ai, attack, credit-card, group, injection, international, malware, ransomware, service, wordpress
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection; Ransomware on ESXi: The mechanization of virtualized attacks; FunkSec Alleged Top Ransomware Group Powered by AI; Abusing AWS Native Services: Ransomware Encrypting S3 Buckets […]…
-
A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks
A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. The WordPress W3 Total Cache plugin is a…
-
WordPress plugin W3 Total Cache: potentially 1 million websites open to attack
Tags: wordpress
If the conditions are met, attackers can target websites running the WordPress plugin W3 Total Cache. A security patch is available. First seen on heise.de Jump to article: www.heise.de/news/WordPress-Plug-in-W3-Total-Cache-Potenziell-1-Millionen-Websites-attackierbar-10246228.html
-
WordPress drama latest: Leader Matt Mullenweg exiles five contributors
Tags: wordpress
WordPress.org accounts cancelled, dissidents told to fork off. First seen on theregister.com Jump to article: www.theregister.com/2025/01/14/wordpress_leader_matthew_mullenweg_exiles/
-
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wp3xyz-malware-attacks-add-rogue-admins-to-5-000-plus-wordpress-sites/
-
Malicious WordPress database entry, widget steals credit card info
First seen on scworld.com Jump to article: www.scworld.com/news/malicious-wordpress-database-entry-widget-steals-credit-card-info
-
Covert Credit Card Skimmer Takes Aim at WordPress Sites
First seen on scworld.com Jump to article: www.scworld.com/brief/covert-credit-card-skimmer-takes-aim-at-wordpress-sites
-
Credit Card Skimmer campaign targets WordPress via database injection
Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. Sucuri researchers warn of a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into CMS database tables. The attackers hide the malicious code in the WordPress wp_options table, injecting obfuscated JavaScript into…
-
Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data
Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database. On checkout pages, the malware is designed to steal credit card information from users who are visiting those pages. Whenever the page for the checkout is loaded, the malware examines the URL for the…
-
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment First seen on…
-
Fancy Product Designer Plugin Flaws Expose WordPress Sites
Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fancy-product-designer-plugin-flaws/
-
No patch in sight for vulnerability in WordPress plugin Fancy Product Designer
Attacks on WordPress-based online shops using Fancy Product Designer may be imminent. First seen on heise.de Jump to article: www.heise.de/news/Zero-Day-Luecke-bedroht-WordPress-Plug-in-Fancy-Product-Designer-10233192.html
-
Unpatched critical flaws impact Fancy Product Designer WordPress plugin
Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/unpatched-critical-flaws-impact-fancy-product-designer-wordpress-plugin/
-
WordPress phishing plugin drives online shopping fraud
First seen on scworld.com Jump to article: www.scworld.com/news/wordpress-phishing-plugin-drives-online-shopping-fraud
-
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data
Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways, such as Stripe, on compromised or fraudulent WordPress websites. By seamlessly integrating with Telegram, PhishWP facilitates real-time data exfiltration, including credit card details, personal information, and even 3DS authentication codes. This…
-
PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts
The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/phishwp-plugin-hijacks-wordpress-e-commerce-checkouts
-
Russian hackers turn trusted online stores into phishing pages
Tags: breach, credentials, credit-card, cybercrime, cybersecurity, data, email, finance, hacker, phishing, risk, russia, service, tactics, theft, threat, wordpress
In a smart campaign, Russian cybercriminals are turning trusted online stores into phishing pages that capture sensitive details through convincing payment interfaces. According to research by the cybersecurity firm Slashnext, the Russian miscreants have built a WordPress plugin, PhishWP, which creates fake payment pages that look like trusted services, such as Stripe. "WordPress is one of…
-
Beware of PhishWP: New WordPress Plugin Targets Online Shoppers
Tags: wordpress
Imagine browsing a seemingly legitimate e-commerce site, entering your payment details, and confidently completing a purchase, only to… First seen on securityonline.info Jump to article: securityonline.info/beware-of-phishwp-new-wordpress-plugin-targets-online-shoppers/

