Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

April 26, 2024 at 06:12AM Threat actors are exploiting a critical-severity vulnerability (CVE-2024-27956, CVSS score 9.8) in WordPress Automatic plugin, allowing them to inject malicious code, gain admin privileges, create new accounts, and maintain access to compromised sites. Over 5 million exploit attempts have been seen. Users are advised to update to version 3.92.1 to … Read more

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

March 18, 2024 at 05:57AM WordPress users are advised to delete miniOrange’s Malware Scanner and Web Application Firewall plugins due to a critical security flaw, with a high CVSS score of 9.8. The flaw allows unauthenticated attackers to gain administrative privileges, leading to potential compromise of the site. Another privilege escalation flaw was found in … Read more

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

February 26, 2024 at 10:21AM A critical SQL injection vulnerability in the Ultimate Member WordPress plugin with 200,000 installations allowed unauthenticated attackers to extract sensitive data by appending SQL queries. The flaw, tracked as CVE-2024-1071, was assigned a CVSS score of 9.8. The issue was resolved in the Ultimate Member version 2.8.3 on February 19. … Read more

Hackers target WordPress database plugin active on 1 million sites

January 25, 2024 at 09:22AM The ‘Better Search Replace’ WordPress plugin, used by over one million sites, has a critical vulnerability allowing attackers to execute malicious code. Exploits have surged, prompting the release of version 1.4.5 to address this flaw. Urgent upgrading is recommended as attacks are growing, impacting all versions up to 1.4.4. Based … Read more

WordPress Websites Hacked via Royal Elementor Plugin Zero-Day

October 17, 2023 at 05:54AM Researchers have discovered a critical vulnerability in the Royal Elementor Addons and Templates WordPress plugin that has been exploited for over a month. The bug allows attackers to upload arbitrary files to vulnerable sites, leading to remote code execution. The vulnerability has been targeted in over 46,000 attacks, with most … Read more