WordFence – WindowsTechs.com

Compromised plugins found on WordPress.org

Posted on June 26, 2024 by Zeljka Zorz

An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it … Continue reading Compromised plugins found on WordPress.org→

Security Flaw in WP-Members Plugin Leads to Script Injection

Posted on April 2, 2024 by Ionut Arghire

A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek.
Continue reading Security Flaw in WP-Members Plugin Leads to Script Injection→

Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount

Posted on October 14, 2022 by Zeljka Zorz

Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet‘s firewalls and secure web gateways, and soon after exploitation attempts started rising. “[On Thursday], the… Continue reading Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount→

GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed

Posted on November 23, 2021 by Zeljka Zorz

GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. What happened? “On November 17, 2021, we discovered unauthorized third-party acc… Continue reading GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed→

Widespread Scans Underway for RCE Bugs in WordPress Websites

Posted on November 18, 2020 by Tara Seals

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers. Continue reading Widespread Scans Underway for RCE Bugs in WordPress Websites→

Ultimate Member Plugin for WordPress Allows Site Takeover

Posted on November 9, 2020 by Tara Seals

Three critical security bugs allow for easy privilege escalation to an administrator role. Continue reading Ultimate Member Plugin for WordPress Allows Site Takeover→

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

Posted on November 6, 2020 by Tara Seals

The shopping cart application contains a PHP object-injection bug. Continue reading WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug→

Newsletter WordPress Plugin Opens Door to Site Takeover

Posted on August 4, 2020 by Tara Seals

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Continue reading Newsletter WordPress Plugin Opens Door to Site Takeover→

Advertising Plugin for WordPress Threatens Full Site Takeovers

Posted on July 8, 2020 by Tara Seals

Thousands of vulnerable websites need to apply the patch to avoid RCE. Continue reading Advertising Plugin for WordPress Threatens Full Site Takeovers→

Botnet blasts WordPress sites with configuration download attacks

Posted on June 5, 2020 by Paul Ducklin

A million sites attacked by 20,000 different computers. Continue reading Botnet blasts WordPress sites with configuration download attacks→