plugin – Page 3 – WindowsTechs.com

WordPress websites attacked via File Manager plugin vulnerability

Posted on September 2, 2020 by Graham Cluley

Hackers are exploiting a critical vulnerability that may be affecting hundreds of thousands of websites running WordPress.

The vulnerability lies in versions of the popular third-party plugin WordPress File Manager, which has been installed on over … Continue reading WordPress websites attacked via File Manager plugin vulnerability→

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Posted on September 1, 2020 by Lindsey O'Donnell

Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites. Continue reading Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws→

Critical Flaws in WordPress Quiz Plugin Allow Site Takeover

Posted on August 14, 2020 by Lindsey O'Donnell

The recently patched flaws could be abused by an unauthenticated, remote attackers to take over vulnerable websites. Continue reading Critical Flaws in WordPress Quiz Plugin Allow Site Takeover→

Newsletter WordPress Plugin Opens Door to Site Takeover

Posted on August 4, 2020 by Tara Seals

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Continue reading Newsletter WordPress Plugin Opens Door to Site Takeover→

Attackers tried to grab WordPress configuration files from over a million sites

Posted on June 5, 2020 by Zeljka Zorz

A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month), tried to grab WordPress configuration files of 1.3 million sites at the end on the same month. In b… Continue reading Attackers tried to grab WordPress configuration files from over a million sites→

Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

Posted on June 3, 2020 by Lindsey O'Donnell

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials. Continue reading Attackers Target 1M+ WordPress Sites To Harvest Database Credentials→

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

Posted on May 19, 2020 by Graham Cluley

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.
Continue reading FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin→

Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote

Posted on May 18, 2020 by Tom Eston

In episode 121 for May 18th 2020: A new Thunderbolt flaw could let hackers steal your data in under five minutes, new vulnerabilities in a popular WordPress plugin, and details on why the US Senate just rejected a plan to require a warrant to obtain Am… Continue reading Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote→

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover

Posted on May 12, 2020 by Tara Seals

Severe CSRF to XSS bugs open the door to code execution and complete website compromise. Continue reading WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover→

Nearly a million WordPress sites targeted in extensive attacks

Posted on May 6, 2020 by Zeljka Zorz

A threat actor is actively trying to insert a backdoor into and compromise WordPress-based sites to redirect visitors to malvertising. “While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it’s … Continue reading Nearly a million WordPress sites targeted in extensive attacks→