Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites

August 22, 2024 at 06:21AM

A critical security vulnerability in the LiteSpeed Cache plugin, affecting more than 5 million WordPress websites, allows unauthenticated attackers to gain administrator privileges. The bug bounty program of Patchstack disclosed this vulnerability, leading to a $14,400 reward for the researcher. Although a fix has been issued, around 2 million websites …

WordPress Plugin Alert – Critical SQLi Vulnerability Threatens 200K+ Websites

February 27, 2024 at 01:09AM

A critical security flaw (CVE-2024-1071) has been discovered in the Ultimate Member WordPress plugin, potentially allowing attackers to exploit SQL injection and extract sensitive data from the database. The issue has been addressed in version 2.8.3, following responsible disclosure. Users are strongly advised to update the plugin to mitigate potential …

WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

November 14, 2023 at 06:34PM

The WordPress plugin WP Fastest Cache has an SQL injection vulnerability that could allow attackers to access the site’s database. Over 600,000 websites are still using a vulnerable version of the plugin. The vulnerability affects all versions before 1.2.2. An exploit will be released on November 27, 2023, and users …