WordPress

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild

exploited, Vulnerabilities, WordPress, WordPress plugin /

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild 2025-04-11 at 15:17 By Ionut Arghire A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild. The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

React to this headline:

Loading spinner

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild Read More »

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory

Malware & Threats, mu-plugins, Sucuri, Vulnerabilities, WordPress, WordPress plugin /

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory 2025-03-31 at 18:07 By Ionut Arghire Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory Read More »

8,000 New WordPress Vulnerabilities Reported in 2024

report, Vulnerabilities, vulnerability, WordPress /

8,000 New WordPress Vulnerabilities Reported in 2024 2025-03-17 at 18:14 By Ionut Arghire Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

8,000 New WordPress Vulnerabilities Reported in 2024 Read More »

MUT-1244 targeting security researchers, red teamers, and threat actors

Checkmarx, cryptojacking, data theft, Datadog, Don't miss, GitHub, Hot stuff, News, phishing, WordPress /

MUT-1244 targeting security researchers, red teamers, and threat actors 2024-12-16 at 17:33 By Zeljka Zorz A threat actor tracked as MUT-1244 by DataDog researchers has been targeting academics, pentesters, red teamers, security researchers, as well as other threat actors, in order to steal AWS access keys, WordPress account credentials and other sensitive data. MUT-1244 has

React to this headline:

Loading spinner

MUT-1244 targeting security researchers, red teamers, and threat actors Read More »

Cyble Sensors Detect Attacks on SAML, D-Link, Python Framework

cyberattack, D-Link, phishing, SAML, Threat Actors, WordPress /

Cyble Sensors Detect Attacks on SAML, D-Link, Python Framework 2024-10-14 at 09:52 By dakshsharma16 Key Takeaways Overview The Cyble Vulnerability Intelligence unit identified several new cyberattacks during the week of Oct. 2-8. Among the targets are the Ruby SAML library, several D-Link NAS devices, the aiohttp client-server framework used for asyncio and Python, and a

React to this headline:

Loading spinner

Cyble Sensors Detect Attacks on SAML, D-Link, Python Framework Read More »

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan

Banking Trojan, Honeypot, vulnerability, WordPress /

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan 2024-10-01 at 08:46 By dakshsharma16 Key Takeaways Overview Cyble’s Threat Hunting service this week discovered multiple instances of exploit attempts, malware intrusions, financial fraud, and brute-force attacks via its network of Honeypot sensors. In the week of Sept. 18-24, Cyble researchers identified five recent active exploits, including new

React to this headline:

Loading spinner

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan Read More »

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks

Vulnerabilities, vulnerability, WordPress /

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks 2024-09-06 at 13:31 By Ionut Arghire A vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies. The post LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks Read More »

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites

Vulnerabilities, WordPress /

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites 2024-08-27 at 18:16 By Ionut Arghire A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server. The post Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites appeared first on

React to this headline:

Loading spinner

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites Read More »

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites

plugin vulnerability, Vulnerabilities, WordPress /

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites 2024-08-22 at 13:31 By Eduard Kovacs A critical vulnerability in the Litespeed Cache WordPress plugin can allow attackers to hack websites by creating an admin user. The post Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites appeared first on

React to this headline:

Loading spinner

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites Read More »

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

plugin, Vulnerabilities, vulnerability, WordPress /

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover 2024-08-20 at 18:16 By Ionut Arghire A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion. The post Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover Read More »

Compromised plugins found on WordPress.org

backdoor, Don't miss, Hot stuff, News, plugin, supply chain compromise, Wordfence, WordPress /

Compromised plugins found on WordPress.org 2024-06-26 at 11:46 By Zeljka Zorz An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it appears the threat actor also injected malicious JavaScript

React to this headline:

Loading spinner

Compromised plugins found on WordPress.org Read More »

Several Plugins Compromised in WordPress Supply Chain Attack 

supply chain, Supply Chain Security, WordPress /

Several Plugins Compromised in WordPress Supply Chain Attack  2024-06-25 at 16:01 By Ionut Arghire Five WordPress plugins were injected with malicious code that creates a new administrative account. The post Several Plugins Compromised in WordPress Supply Chain Attack  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Several Plugins Compromised in WordPress Supply Chain Attack  Read More »

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors

CVE-2023-40000, CVE-2023-6961, CVE-2024-2194, Fastly, Malware & Threats, Vulnerabilities, WordPress /

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors 2024-05-30 at 18:17 By Ionut Arghire Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites. The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors Read More »

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

cybercrime, WordPress /

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors 2024-04-26 at 13:16 By Ionut Arghire A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites. The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors Read More »

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

Vulnerabilities, vulnerability, WordPress /

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites 2024-04-03 at 16:16 By Ionut Arghire A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites Read More »

Security Flaw in WP-Members Plugin Leads to Script Injection

Application Security, CVE-2024-1852, Vulnerabilities, Wordfence, WordPress, WP-Members /

Security Flaw in WP-Members Plugin Leads to Script Injection 2024-04-02 at 18:46 By Ionut Arghire A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Security Flaw in WP-Members Plugin Leads to Script Injection Read More »

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks

Vulnerabilities, WordPress /

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks 2024-03-11 at 17:18 By Ionut Arghire A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites. The post Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks Read More »

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

Incident Response, remote code execution, SQL injection, Ultimate Member, Vulnerabilities, WordPress /

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin 2024-02-26 at 17:33 By Ionut Arghire The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin. The post Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin Read More »

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin

exploited, Vulnerabilities, WordPress /

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin 2024-02-20 at 16:16 By Ionut Arghire Attackers are exploiting a recent remote code execution flaw in the Bricks Builder WordPress plugin to deploy malware. The post Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin Read More »

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

Vulnerabilities, WordPress /

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution 12/12/2023 at 17:31 By Ionut Arghire Critical remote code execution flaws in Backup Migration and Elementor plugins expose WordPress sites to attacks. The post Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution Read More »

Scroll to Top