Attackers are exploiting WordPress plugin flaw to inject malicious scripts

Attackers are leveraging an easily exploitable bug in the popular WP Live Chat Support plugin to inject malicious JavaScript into vulnerable sites, Zscaler warns. The company has discovered 47 affected sites (some have been cleaned up in the meantime) …

Many computers are vulnerable to hacking through common plug-in devices

Attackers can compromise an unattended machine in a matter of seconds through devices such as chargers and docking stations. Vulnerabilities were found in computers with Thunderbolt ports running Windows, macOS, Linux and FreeBSD. Many modern laptops a…

WordPress plugin patches flaw that gave hackers potential access to 40,000 websites

A new vulnerability in a popular WordPress plugin could allow outsiders who exploit the flaw to take control of a website, according to new research. Luka Šikić, who works as a security developer at WebARX, published a report Monday revealing the bug in the Simple Social Buttons plugin, which more than 40,000 websites use to distribute their content on Facebook, Twitter and others. The problem would allow hackers to modify a WordPress site’s settings in a way plugin developers did not intend. WPBrigade, the firm that developed Simple Social Buttons, patched the flaw in the 2.0.22 software update, which was released Friday. Šikić said he informed WPBrigade about the vulnerability on Feb. 7, and that the company fixed the issue within a day. “If your website uses the WordPress plugin ‘Simple Social Buttons,’ you should update it to the latest version as soon as possible,” WebARX said in a blog […]

The post WordPress plugin patches flaw that gave hackers potential access to 40,000 websites appeared first on CyberScoop.

Former WPML employee hacks plugin website to spam customers

The website of popular WordPress plugin WPML has been restored after being hacked by a former employee, the plugin-maker OnTheGoSystems said Sunday. WPML said the incident caused it to lose client data, forced it to rebuild its server from scratch and prompted it to reset all customers’ passwords. OnTheGoSystems said that the plugin itself was not vulnerable and that payment information had not been exposed.

"We’re very sorry to report that our WEBSITE got hacked. Looks like an ex-employee backdoor. There is NO exploit in the WPML plugin we doublechecked. Payment information was NOT compromised as we don’t store this information. We strongly advise changing your WPML account password." — WPML (@wpml) January 20, 2019

WPML is a tool that WordPress users can purchase to run their websites in different languages. OnTheGoSystems says that more than 600,000 websites use the plugin. “This hack was not done via an exploit in WordPress, WPML or another plugin, but using this […]

The post Former WPML employee hacks plugin website to spam customers appeared first on CyberScoop.

Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts

A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.
Read more in my article on the Hot f…