Hackers target WordPress database plugin active on 1 million sites

January 25, 2024 at 09:22AM The ‘Better Search Replace’ WordPress plugin, used by over one million sites, has a critical vulnerability allowing attackers to execute malicious code. Exploits have surged, prompting the release of version 1.4.5 to address this flaw. Urgent upgrading is recommended as attacks are growing, impacting all versions up to 1.4.4. Based …

Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover

December 12, 2023 at 11:53AM A critical unauthenticated RCE bug in the Backup Migration plug-in for WordPress, tracked as CVE-2023-6553, allows threat actors to execute arbitrary PHP code and compromise sites. Wordfence blocked 39 attacks targeting this vulnerability, prompting a patch release by BackupBliss. All versions up to 1.3.7 are vulnerable; users should update to …

WordPress 6.4.2 Patches Remote Code Execution Vulnerability

December 8, 2023 at 10:18AM WordPress 6.4.2 addresses a vulnerability that, when combined with another flaw, could lead to the execution of arbitrary code. The update aims to mitigate the risk of remote code execution. …

WordPress Websites Hacked via Royal Elementor Plugin Zero-Day

October 17, 2023 at 05:54AM Researchers have discovered a critical vulnerability in the Royal Elementor Addons and Templates WordPress plugin that has been exploited for over a month. The bug allows attackers to upload arbitrary files to vulnerable sites, leading to remote code execution. The vulnerability has been targeted in over 46,000 attacks, with most …

Hackers exploit critical flaw in WordPress Royal Elementor plugin

October 16, 2023 at 03:13PM A critical vulnerability in Royal Elementor Addons and Templates up to version 1.3.78 is being actively exploited by hackers. The flaw, tracked as CVE-2023-5360, allows unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution, compromising the websites. Two WordPress security firms have reported a significant increase in …

Backdoor Lurks Behind WordPress Caching Plugin to Hijack Websites

October 12, 2023 at 10:38AM Researchers have discovered a sophisticated malware hidden within an authentic-looking WordPress caching plugin. This malware can create admin accounts and remotely activate plugins, giving threat actors complete control over infected websites. The malware can be difficult to detect and has features like conditional content filtering and file modification capabilities. WordPress …

Researchers Uncover Malware Posing as WordPress Caching Plugin

October 12, 2023 at 06:33AM Researchers have discovered a new type of malware that disguises itself as a WordPress plugin in order to gain control over compromised websites. The malware is capable of creating administrator accounts, remotely controlling the site, altering content, injecting spam links, and redirecting visitors to malicious sites. It is difficult to …

Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023

October 11, 2023 at 08:54AM Over 17,000 WordPress websites were hacked in September 2023, double the number from the previous month. Around 9,000 of these websites were infiltrated using a security flaw in the tagDiv Composer plugin, allowing for cross-site scripting attacks. The Balada Injector malware is responsible for these attacks, which aim to redirect …