GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

August 21, 2024 at 12:51AM
A critical security flaw (CVE-2024-5932) in WordPress GiveWP plugin allows remote code execution, affecting over 100,000 websites. Researchers also disclosed vulnerabilities in other WordPress plugins (e.g., InPost PL, JS Help Desk). Patching against these flaws is crucial to prevent attacks. Website owners are advised against using nulled plugins and themes …

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

August 20, 2024 at 11:06AM
A critical vulnerability in the GiveWP WordPress plugin (CVE-2024-5932, CVSS score 10/10) exposed over 100,000 websites, allowing unauthenticated attackers to execute arbitrary remote code or delete files. Exploiting a bug in serialization, attackers could potentially take over affected sites. The flaw has been addressed in version 3.14.2 and users are urged …

Hackers target WordPress database plugin active on 1 million sites

January 25, 2024 at 09:22AM
The ‘Better Search Replace’ WordPress plugin, used by over one million sites, has a critical vulnerability allowing attackers to execute malicious code. Exploits have surged, prompting the release of version 1.4.5 to address this flaw. Urgent upgrading is recommended as attacks are growing, impacting all versions up to 1.4.4. Based …