Massive botnet chews through 20,000 WordPress sites
Attackers have infected 20,000 WordPress sites by brute-forcing administrator usernames and passwords.
WordPress GDPR compliance plugin hacked
There’s no obvious executable payload in the attack, but the attackers may be building a collection of websites and biding their time.
A now-patched flaw in a popular plugin was allowing hackers to take over various WordPress sites and act as administrators, putting them in a position to cause further damage, according to Wordfence, a company that makes security software for the publishing platform. The plugin, WP GDPR Compliance, is meant to help WordPress site owners comply with Europe’s General Data Protection Regulation by automating tasks like data access requests and data deletion requests. GDPR requires that companies give their users the option to view or delete data that pertains to them. A bug in the privacy-focused plugin was exploited in the wild, Wordfence said in a report published Thursday, allowing “unauthenticated attackers to achieve privilege escalation.” The vulnerability allowed attackers to force affected WordPress sites to perform arbitrary actions, including installing new administrator accounts. Wordfence researchers said they also observed attackers installing backdoors, but it’s not clear what they’re intended to be used […]
The post Flaw in WordPress plugin allowed unauthorized admin access, backdoors appeared first on Cyberscoop.
Rogue WordPress Plugin Allowed Spam Injection
A rogue version of the WordPress plugin called “Display Widget” allowed third parties to inject spam advertising content into victims’ sites.
Attackers Using Automated Scans to Takeover WordPress Installs
Attackers have been carrying out WPSetup attacks, taking advantage of users who have installed WordPress but not yet configured it.
1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure
WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability.