WordPress Plugin Removed After Zero Day Discovered
The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild. Continue reading WordPress Plugin Removed After Zero Day Discovered
Category Archives: Wordpress plugin
Critical WordPress Plugin Flaw Allows Complete Website Takeover
Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22. Continue reading Critical WordPress Plugin Flaw Allows Complete Website Takeover
WordPress Users Urged to Delete Zero-Day-Ridden Plugin
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers. Continue reading WordPress Users Urged to Delete Zero-Day-Ridden Plugin
Angry ex-employee blamed for hack of WordPress plugin developer, and email to customers warning of security hole
This weekend, users of the popular WordPress translation plugin WPML (also known as WordPress MultiLingual) received an email from a hacker claiming to expose serious security vulnerabilities in the software that allegedly put the customers’ own … Continue reading Angry ex-employee blamed for hack of WordPress plugin developer, and email to customers warning of security hole
Update now! Dangerous AMP for WordPress plugin fixed
The popular plugin for implementing Accelerated Mobile Pages returned, patched, to WordPress.org last week. Continue reading Update now! Dangerous AMP for WordPress plugin fixed
Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now
A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website.
The vulnera… Continue reading Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now
WordPress GDPR compliance plugin hacked
There’s no obvious executable payload in the attack but the attackers may be building a collection of websites and biding their time. Continue reading WordPress GDPR compliance plugin hacked
Popular WooCommerce WordPress Plugin Patches Critical Vulnerability
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store.
Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file dele… Continue reading Popular WooCommerce WordPress Plugin Patches Critical Vulnerability
Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites
Buying popular plugins with a large user-base and using it for effortless malicious campaigns have become a new trend for bad actors.
One such incident happened recently when the renowned developer BestWebSoft sold a popular Captcha WordPress plugin t… Continue reading Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites
WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack
A SQL Injection vulnerability has been discovered in one of the most popular Wordpress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely.
The flaw has be… Continue reading WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack