Wordpress plugin – WindowsTechs.com

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild

Posted on April 11, 2025 by Ionut Arghire

A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild.
The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek.
Continue reading Vulnerability in OttoKit WordPress Plugin Exploited in the Wild→

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory

Posted on March 31, 2025 by Ionut Arghire

Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks.
The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek.
Continue reading Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory→

WordPress Plugin Flaw Allows Attackers to Forge Emails

Posted on September 11, 2020 by Lindsey O'Donnell

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. Continue reading WordPress Plugin Flaw Allows Attackers to Forge Emails→

WordPress Websites Attacked via File Manager Plugin Vulnerability

Posted on September 2, 2020 by Graham Cluley

Websites are being hijacked by hackers exploiting plugin vulnerability Hackers password-protect compromised sites to keep out rival attackers At-risk websites advised to update WordPress File Manager plugin immediately. Hackers are exploiting a critica… Continue reading WordPress Websites Attacked via File Manager Plugin Vulnerability→

Critical Security Flaw in WordPress Plugin Allows RCE

Posted on July 29, 2020 by Lindsey O'Donnell

WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch. Continue reading Critical Security Flaw in WordPress Plugin Allows RCE→

Advertising Plugin for WordPress Threatens Full Site Takeovers

Posted on July 8, 2020 by Tara Seals

Thousands of vulnerable websites need to apply the patch to avoid RCE. Continue reading Advertising Plugin for WordPress Threatens Full Site Takeovers→

Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

Posted on June 3, 2020 by Lindsey O'Donnell

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials. Continue reading Attackers Target 1M+ WordPress Sites To Harvest Database Credentials→

Critical WordPress e-Learning Plugin Bugs Open Door to Cheating

Posted on April 30, 2020 by Lindsey O'Donnell

The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges. Continue reading Critical WordPress e-Learning Plugin Bugs Open Door to Cheating→

Critical WordPress Plugin Bug Can Lock Admins Out of Websites

Posted on April 1, 2020 by Tara Seals

A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors. Continue reading Critical WordPress Plugin Bug Can Lock Admins Out of Websites→

WordPress Plugin Bug in Popup Builder Threatens 100K Websites

Posted on March 13, 2020 by Lindsey O'Donnell

The high-severity flaw allows malicious code injection into website pop-up windows. Continue reading WordPress Plugin Bug in Popup Builder Threatens 100K Websites→