WordPress Supply Chain Attack Spreads Across Multiple Plug-Ins

June 25, 2024 at 12:53PM Multiple plug-ins on WordPress.org were compromised by threat actors, injecting malicious code aimed at granting attackers administrative privileges and enabling further malicious activity. The affected plug-ins, including the popular Social Warfare, have been delisted and are unavailable for download, with a recommendation to remove them immediately and perform a complete … Read more

Discontinued Security Plugins Expose Many WordPress Sites to Takeover

March 15, 2024 at 08:15AM Thousands of WordPress websites are at risk due to critical vulnerabilities in two MiniOrange plugins, Malware Scanner and Web Application Firewall. The flaw allows unauthorized users to gain administrative privileges and take control of a site. Similarly, another high-severity vulnerability was found in the RegistrationMagic plugin, enabling unauthorized users to … Read more