WordPress Plugin Alert – Critical SQLi Vulnerability Threatens 200K+ Websites

February 27, 2024 at 01:09AM

A critical security flaw (CVE-2024-1071) has been discovered in the Ultimate Member WordPress plugin, potentially allowing attackers to exploit SQL injection and extract sensitive data from the database. The issue has been addressed in version 2.8.3, following responsible disclosure. Users are strongly advised to update the plugin to mitigate potential …

Hackers target WordPress database plugin active on 1 million sites

January 25, 2024 at 09:22AM

The ‘Better Search Replace’ WordPress plugin, used by over one million sites, has a critical vulnerability allowing attackers to execute malicious code. Exploits have surged, prompting the release of version 1.4.5 to address this flaw. Urgent upgrading is recommended as attacks are growing, impacting all versions up to 1.4.4. Based …

Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover

December 12, 2023 at 11:53AM

A critical unauthenticated RCE bug in the Backup Migration plug-in for WordPress, tracked as CVE-2023-6553, allows threat actors to execute arbitrary PHP code and compromise sites. Wordfence blocked 39 attacks targeting this vulnerability, prompting a patch release by BackupBliss. All versions up to 1.3.7 are vulnerable; users should update to …

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

December 12, 2023 at 09:30AM

Two popular WordPress plugins, Elementor and Backup Migration, have been found to have critical remote code execution (RCE) vulnerabilities, affecting over 5 million users. Elementor’s RCE flaw was due to an authenticated arbitrary file upload issue, while Backup Migration’s CVE-2023-6553 vulnerability was exploited to include malicious PHP code. Updated versions …

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

December 11, 2023 at 05:48PM

A critical security flaw in the WordPress Backup Migration plugin (CVE-2023-6553) allows unauthenticated attackers to remotely execute PHP code, compromising vulnerable websites. The bug, rated 9.8/10 in severity, was quickly patched after being reported to BackupBliss. However, many websites remain vulnerable, and WordPress admins are urged to take immediate action …