WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

February 20, 2024 at 04:33AM

A critical security flaw in the Bricks theme for WordPress, tracked as CVE-2024-25600, allows unauthenticated attackers to remotely execute PHP code on susceptible installations. The flaw was addressed in version 1.9.6.1 on February 13, 2024, following Snicco’s report. Exploitation attempts have been detected, and users are advised to apply the …

Hackers target WordPress database plugin active on 1 million sites

January 25, 2024 at 09:22AM

The ‘Better Search Replace’ WordPress plugin, used by over one million sites, has a critical vulnerability allowing attackers to execute malicious code. Exploits have surged, prompting the release of version 1.4.5 to address this flaw. Urgent upgrading is recommended as attacks are growing, impacting all versions up to 1.4.4. Based …

Case Study: The Cookie Privacy Monster in Big Global Retail

January 16, 2024 at 06:51AM

Reflectiz, a website security company, rescued a major retail client from non-compliance fines due to misconfigured cookie tracking. Although the misconfiguration was unintended, the client risked substantial penalties under GDPR. Reflectiz’s advanced exposure management solution detected 37 unauthorized cookie injections and facilitated timely corrective action, emphasizing the importance of continuous monitoring and …

New Balada Injector campaign infects 6,700 WordPress sites

January 11, 2024 at 12:55PM

The Balada Injector malware has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin. The attacks inject a backdoor that redirects visitors to fake support pages, lottery sites, and push notification scams. Defending against these attacks includes updating themes and plugins and minimizing the number …

WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

November 14, 2023 at 06:34PM

The WordPress plugin WP Fastest Cache has an SQL injection vulnerability that could allow attackers to access the site’s database. Over 600,000 websites are still using a vulnerable version of the plugin. The vulnerability affects all versions before 1.2.2. An exploit will be released on November 27, 2023, and users …

The Danger of Forgotten Pixels on Websites: A New Case Study

October 26, 2023 at 08:42AM

A case study by Reflectiz highlights the risks of forgotten and misconfigured pixels on websites. In one instance, a healthcare provider had a pixel that collected private data without user consent, potentially leading to fines and damage to the company’s reputation. Configuration drift and compliance issues related to privacy regulations …

WordPress Websites Hacked via Royal Elementor Plugin Zero-Day

October 17, 2023 at 05:54AM

Researchers have discovered a critical vulnerability in the Royal Elementor Addons and Templates WordPress plugin that has been exploited for over a month. The bug allows attackers to upload arbitrary files to vulnerable sites, leading to remote code execution. The vulnerability has been targeted in over 46,000 attacks, with most …