February 27, 2024 at 01:09AM A critical security flaw (CVE-2024-1071) has been discovered in the Ultimate Member WordPress plugin, potentially allowing attackers to exploit SQL injection and extract sensitive data from the database. The issue has been addressed in version 2.8.3, following responsible disclosure. Users are strongly advised to update the plugin to mitigate potential … Read more
January 25, 2024 at 09:22AM The ‘Better Search Replace’ WordPress plugin, used by over one million sites, has a critical vulnerability allowing attackers to execute malicious code. Exploits have surged, prompting the release of version 1.4.5 to address this flaw. Urgent upgrading is recommended as attacks are growing, impacting all versions up to 1.4.4. Based … Read more
December 12, 2023 at 11:53AM A critical unauthenticated RCE bug in the Backup Migration plug-in for WordPress, tracked as CVE-2023-6553, allows threat actors to execute arbitrary PHP code and compromise sites. Wordfence blocked 39 attacks targeting this vulnerability, prompting a patch release by BackupBliss. All versions up to 1.3.7 are vulnerable; users should update to … Read more
December 12, 2023 at 09:30AM Two popular WordPress plugins, Elementor and Backup Migration, have been found to have critical remote code execution (RCE) vulnerabilities, affecting over 5 million users. Elementor’s RCE flaw was due to an authenticated arbitrary file upload issue, while Backup Migration’s CVE-2023-6553 vulnerability was exploited to include malicious PHP code. Updated versions … Read more
December 11, 2023 at 05:48PM A critical security flaw in the WordPress Backup Migration plugin (CVE-2023-6553) allows unauthenticated attackers to remotely execute PHP code, compromising vulnerable websites. The bug, rated 9.8/10 in severity, was quickly patched after being reported to BackupBliss. However, many websites remain vulnerable, and WordPress admins are urged to take immediate action … Read more