wordpress – Page 26 – WindowsTechs.com

Can a PHP shell uploaded to a WordPress directory have access to an entire Linux machine?

Posted on March 16, 2020 by clark

I run a few WordPress instances. I had one new one that I had not configured and left sitting, so the installation was on the 1st step awaiting for the database name, username, password, and host. When I went to finish the install after le… Continue reading Can a PHP shell uploaded to a WordPress directory have access to an entire Linux machine?→

WordPress Plugin Bug in Popup Builder Threatens 100K Websites

Posted on March 13, 2020 by Lindsey O'Donnell

The high-severity flaw allows malicious code injection into website pop-up windows. Continue reading WordPress Plugin Bug in Popup Builder Threatens 100K Websites→

WooCommerce Bookings – How can I retrieve specific data in Thank You page? [closed]

Posted on March 5, 2020 by Despina

I just set up the Woocommerce Bookings plugin in my wordpress website. I found that the way to retrieve the number of persons of a booking in the cart and checkout page is this:

global $booking_id = isset( $cart_item[‘booking’] ) &&am… Continue reading WooCommerce Bookings – How can I retrieve specific data in Thank You page? [closed]→

XSS plugin vulnerabilities plague WordPress users

Posted on March 3, 2020 by Danny Bradbury

Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site. Continue reading XSS plugin vulnerabilities plague WordPress users→

The Amazon Prime phishing attack that wasn’t…

Posted on February 21, 2020 by Paul Ducklin

When we followed the phishing trail, we found ourselves at a web page we weren’t expecting… Continue reading The Amazon Prime phishing attack that wasn’t…→

Free trojanized WordPress themes lead to widespread compromise of web servers

Posted on February 19, 2020 by Zeljka Zorz

Over 20,000 web servers (and who knows how many websites) have been compromised via trojanized WordPress themes to deliver malware through malicious ads, Prevailion researchers have discovered. The compromised servers are located across the globe and m… Continue reading Free trojanized WordPress themes lead to widespread compromise of web servers→

WordPress plugin hole could have allowed attackers to wipe websites

Posted on February 19, 2020 by Danny Bradbury

A WordPress plugin with over 100,000 active installations had a bug that could have allowed unauthorised attackers to wipe its users’ blogs clean, it emerged this week. Continue reading WordPress plugin hole could have allowed attackers to wipe websites→

Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin

Posted on February 18, 2020 by Lindsey O'Donnell

Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers. Continue reading Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin→

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

Posted on February 17, 2020 by Swati Khandelwal

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs.

The… Continue reading Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers→

Cookie-nabbing app could have served users side helping of XSS

Posted on February 14, 2020 by Danny Bradbury

A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to XSS attacks. Continue reading Cookie-nabbing app could have served users side helping of XSS→