Zero-day in WordPress SMTP plugin abused to reset admin account passwords
Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000...
Tagged: WordPress
Malware creates scam online stores on top of hacked WordPress sites
Image: ZDNet, WordPress A new cybercrime gang has been seen taking over vulnerable WordPress sites to install hidden e-commerce stores with the purpose of...
Critical privilege escalation bugs squashed in WordPress Ultimate Member plugin
Critical privilege escalation vulnerabilities have been patched in the popular WordPress plugin Ultimate Member. Accounting for over 100,000 active installations on websites that use...
KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others
A highly sophisticated botnet is believed to have infected hundreds of thousands of websites by attacking their underlying content management system (CMS) platforms. Named KashmirBlack,...
WordPress deploys forced security update for dangerous bug in popular plugin
The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for...
Millions of WordPress sites are being probed & attacked with recent plugin bug
Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall said on Friday. The sudden...
WordPress ‘File Manager’ Plugin Patches Critical Zero-Day Exploited in Attacks
The highly popular WordPress plugin File Manager this week received a patch to address an actively exploited zero-day vulnerability. Designed to provide WordPress site...
WordPress File Manager plugin flaw causing website hijack exploited in the wild
The developers of the WordPress File Manager plugin have patched an actively-exploited security issue permitting full website hijacking. According to the Sucuri WordPress...
WordPress Sites Targeted via Vulnerabilities in WooCommerce Discounts Plugin
The owners and administrators of e-commerce websites powered by WordPress and the WooCommerce platform have been warned of attacks exploiting vulnerabilities discovered recently by...
KingComposer patches XSS flaw impacting 100,000 WordPress websites
A reflected cross-site scripting (XSS) vulnerability impacting 100,000 websites has been patched in the KingComposer WordPress plugin. KingComposer is a drag-and-drop page builder for...