Wordpress plugin – WindowsTechs.com

WordPress Plugin Flaw Allows Attackers to Forge Emails

Posted on September 11, 2020 by Lindsey O'Donnell

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. Continue reading WordPress Plugin Flaw Allows Attackers to Forge Emails→

WordPress Websites Attacked via File Manager Plugin Vulnerability

Posted on September 2, 2020 by Graham Cluley

Websites are being hijacked by hackers exploiting plugin vulnerability Hackers password-protect compromised sites to keep out rival attackers At-risk websites advised to update WordPress File Manager plugin immediately. Hackers are exploiting a critica… Continue reading WordPress Websites Attacked via File Manager Plugin Vulnerability→

Critical Security Flaw in WordPress Plugin Allows RCE

Posted on July 29, 2020 by Lindsey O'Donnell

WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch. Continue reading Critical Security Flaw in WordPress Plugin Allows RCE→

Advertising Plugin for WordPress Threatens Full Site Takeovers

Posted on July 8, 2020 by Tara Seals

Thousands of vulnerable websites need to apply the patch to avoid RCE. Continue reading Advertising Plugin for WordPress Threatens Full Site Takeovers→

Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

Posted on June 3, 2020 by Lindsey O'Donnell

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials. Continue reading Attackers Target 1M+ WordPress Sites To Harvest Database Credentials→

Critical WordPress e-Learning Plugin Bugs Open Door to Cheating

Posted on April 30, 2020 by Lindsey O'Donnell

The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges. Continue reading Critical WordPress e-Learning Plugin Bugs Open Door to Cheating→

Critical WordPress Plugin Bug Can Lock Admins Out of Websites

Posted on April 1, 2020 by Tara Seals

A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors. Continue reading Critical WordPress Plugin Bug Can Lock Admins Out of Websites→

WordPress Plugin Bug in Popup Builder Threatens 100K Websites

Posted on March 13, 2020 by Lindsey O'Donnell

The high-severity flaw allows malicious code injection into website pop-up windows. Continue reading WordPress Plugin Bug in Popup Builder Threatens 100K Websites→

Popular ThemeREX WordPress Plugin Opens Websites to RCE

Posted on March 10, 2020 by Tara Seals

The bug has been under active attack as a zero-day. Continue reading Popular ThemeREX WordPress Plugin Opens Websites to RCE→

XSS plugin vulnerabilities plague WordPress users

Posted on March 3, 2020 by Danny Bradbury

Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site. Continue reading XSS plugin vulnerabilities plague WordPress users→