Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover

November 18, 2024 at 03:41PM

A critical flaw in the Really Simple Security WordPress plug-in, affecting over 4 million sites, allows attackers to bypass authentication and gain administrative access. Rated 9.8 on the CVSS scale, the vulnerability has been patched in version 9.1.2. Users are urged to confirm updates to protect their sites.

Critical flaw in LayerSlider WordPress plugin impacts 1 million sites

April 3, 2024 at 02:28PM

LayerSlider, a popular WordPress plugin with over one million users, has been found to be vulnerable to unauthenticated SQL injection, allowing attackers to extract sensitive data from websites. Researcher AmrAwad received a $5,500 bounty for reporting this critical flaw, which has been addressed by the release of version 7.10.1, requiring …