Compromised plugins found on WordPress.org

An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it …

Security Flaw in WP-Members Plugin Leads to Script Injection

A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek.

Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount

Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet's firewalls and secure web gateways, and soon after exploitation attempts started rising. “[On Thursday], the…

GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed

GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. What happened? “On November 17, 2021, we discovered unauthorized third-party acc…