Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors

May 30, 2024 at 11:16AM Fastly warns of ongoing exploitation of vulnerabilities in three WordPress plugins, enabling the injection of malicious scripts and backdoors. These flaws permit unauthenticated stored cross-site scripting attacks, creation of new administrator accounts, and stealing of credentials. Impacting over 600,000 installations, the campaign is emanating from IPs linked to AS IP … Read more

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

May 30, 2024 at 10:21AM Cybersecurity researchers have warned of high-severity security vulnerabilities in various WordPress plugins, being actively exploited to create rogue administrator accounts for further exploitation. The flaws allow for unauthenticated stored cross-site scripting attacks, enabling threat actors to inject malicious scripts. To mitigate these risks, WordPress site owners should review installed plugins, … Read more

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

May 28, 2024 at 02:45AM Unknown threat actors are exploiting WordPress’s Dessky Snippets plugin, with over 200 active installations, to insert PHP credit card skimming malware into compromised sites. The malware manipulates WooCommerce’s checkout process to steal credit card details, exfiltrating them to a specific URL. This underscores the need for WordPress site owners, especially … Read more

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

April 26, 2024 at 06:12AM Threat actors are exploiting a critical-severity vulnerability (CVE-2024-27956, CVSS score 9.8) in WordPress Automatic plugin, allowing them to inject malicious code, gain admin privileges, create new accounts, and maintain access to compromised sites. Over 5 million exploit attempts have been seen. Users are advised to update to version 3.92.1 to … Read more

Hackers deploy crypto drainers on thousands of WordPress sites

April 8, 2024 at 02:26PM Hackers compromised over 2,000 WordPress sites, injecting them with malicious scripts to display fake NFT and discount pop-ups. These pop-ups prompt visitors to connect their wallets to crypto drainers, ultimately stealing funds and NFTs. The attackers seek to monetize a large pool of hacked sites and have begun promoting these … Read more

39,000 Websites Infected in ‘Sign1’ Malware Campaign

March 22, 2024 at 09:54AM Security firm Sucuri warns that over 39,000 websites have been infected with new malware called Sign1, which redirects visitors to scam domains and displays unwanted ads. The JavaScript-based malware is injected into compromised websites, hidden with obfuscation, and conditionally executed based on specific visitor and website conditions. The firm has … Read more

Evasive Sign1 malware campaign infects 39,000 WordPress sites

March 21, 2024 at 12:02PM The Sign1 malware campaign has infected over 39,000 websites, injecting malicious scripts into WordPress sites by exploiting vulnerabilities or using brute force attacks. The malware uses time-based randomization and dynamic URLs to evade detection, redirects visitors to scam sites, and has evolved to become more resilient. Website owners are advised … Read more

Misconfigured Firebase Instances Expose 125 Million User Records

March 19, 2024 at 06:18AM Google Firebase misconfiguration led to the leak of more than 125 million user records, including plaintext passwords. It began with the hacking of the Chattr AI hiring system, exposing names, phone numbers, emails, and sensitive details. Further exploration found 900 websites exposing data on a massive scale, impacting millions of … Read more

Don’t be like these 900+ websites and expose millions of passwords via Firebase

March 18, 2024 at 05:38PM Over 900 websites using Google’s Firebase have been misconfigured, exposing sensitive data including 125 million user records. The issue stems from insecure Firebase implementations and lack of secure configuration. Researchers found 85 million names, 106 million email addresses, and 20 million passwords exposed. Despite notifications, only 24% of site owners … Read more

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

February 27, 2024 at 09:57AM A security vulnerability in LiteSpeed Cache plugin for WordPress (CVE-2023-40000) allows unauthenticated users to elevate privileges. Patchstack researcher Rafie Muhammad mentioned potential information theft and privilege escalation. The issue was fixed in version 5.7.0.1, and the latest version is 6.1, released on February 5, 2024. This follows Wordfence’s discovery of … Read more