WordPress - Security Ticks

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks

Vulnerabilities, vulnerability, WordPress / SecurityTicks

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks 2024-09-06 at 13:31 By Ionut Arghire A vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies. The post LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks appeared first on SecurityWeek. This article is […]

React to this headline:

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks Read More »

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites

Vulnerabilities, WordPress / SecurityTicks

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites 2024-08-27 at 18:16 By Ionut Arghire A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server. The post Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites appeared first on

React to this headline:

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites Read More »

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites

plugin vulnerability, Vulnerabilities, WordPress / SecurityTicks

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites 2024-08-22 at 13:31 By Eduard Kovacs A critical vulnerability in the Litespeed Cache WordPress plugin can allow attackers to hack websites by creating an admin user. The post Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites appeared first on

React to this headline:

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites Read More »

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

plugin, Vulnerabilities, vulnerability, WordPress / SecurityTicks

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover 2024-08-20 at 18:16 By Ionut Arghire A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion. The post Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover appeared first on SecurityWeek. This article

React to this headline:

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover Read More »

Compromised plugins found on WordPress.org

backdoor, Don't miss, Hot stuff, News, plugin, supply chain compromise, Wordfence, WordPress / SecurityTicks

Compromised plugins found on WordPress.org 2024-06-26 at 11:46 By Zeljka Zorz An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it appears the threat actor also injected malicious JavaScript

React to this headline:

Compromised plugins found on WordPress.org Read More »

Several Plugins Compromised in WordPress Supply Chain Attack

supply chain, Supply Chain Security, WordPress / SecurityTicks

Several Plugins Compromised in WordPress Supply Chain Attack 2024-06-25 at 16:01 By Ionut Arghire Five WordPress plugins were injected with malicious code that creates a new administrative account. The post Several Plugins Compromised in WordPress Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Several Plugins Compromised in WordPress Supply Chain Attack Read More »

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors

CVE-2023-40000, CVE-2023-6961, CVE-2024-2194, Fastly, Malware & Threats, Vulnerabilities, WordPress / SecurityTicks

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors 2024-05-30 at 18:17 By Ionut Arghire Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites. The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors Read More »

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

cybercrime, WordPress / SecurityTicks

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors 2024-04-26 at 13:16 By Ionut Arghire A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites. The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors Read More »

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

Vulnerabilities, vulnerability, WordPress / SecurityTicks

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites 2024-04-03 at 16:16 By Ionut Arghire A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek. This article is

React to this headline:

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites Read More »

Security Flaw in WP-Members Plugin Leads to Script Injection

Application Security, CVE-2024-1852, Vulnerabilities, Wordfence, WordPress, WP-Members / SecurityTicks

Security Flaw in WP-Members Plugin Leads to Script Injection 2024-04-02 at 18:46 By Ionut Arghire A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Security Flaw in WP-Members Plugin Leads to Script Injection Read More »

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks

Vulnerabilities, WordPress / SecurityTicks

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks 2024-03-11 at 17:18 By Ionut Arghire A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites. The post Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks Read More »

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

Incident Response, remote code execution, SQL injection, Ultimate Member, Vulnerabilities, WordPress / SecurityTicks

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin 2024-02-26 at 17:33 By Ionut Arghire The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin. The post Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin Read More »

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin

exploited, Vulnerabilities, WordPress / SecurityTicks

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin 2024-02-20 at 16:16 By Ionut Arghire Attackers are exploiting a recent remote code execution flaw in the Bricks Builder WordPress plugin to deploy malware. The post Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin Read More »

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

Vulnerabilities, WordPress / SecurityTicks

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution 12/12/2023 at 17:31 By Ionut Arghire Critical remote code execution flaws in Backup Migration and Elementor plugins expose WordPress sites to attacks. The post Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution appeared first on SecurityWeek. This article is

React to this headline:

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution Read More »

WordPress 6.4.2 Patches Remote Code Execution Vulnerability

Vulnerabilities, WordPress / SecurityTicks

WordPress 6.4.2 Patches Remote Code Execution Vulnerability 08/12/2023 at 18:32 By Ionut Arghire WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code. The post WordPress 6.4.2 Patches Remote Code Execution Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

WordPress 6.4.2 Patches Remote Code Execution Vulnerability Read More »

EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain

BNB Chain, BSC, EtherHiding, hackers, Malware, scams, smart contracts, WordPress / SecurityTicks

EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain 20/10/2023 at 10:04 By Cointelegraph By Martin Young According to cybersecurity analysts at 0xScope and CertiK, threat actors may prefer using BNB Smart Chain contracts because it’s cheaper and seen as having lower security than Ethereum. This article is an excerpt from Cointelegraph.com News View Original

React to this headline:

EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain Read More »

Researchers warn of increased malware delivery via fake browser updates

consumer, Don't miss, enterprise, Hot stuff, Malware, News, Proofpoint, Sekoia.io, WordPress / SecurityTicks

Researchers warn of increased malware delivery via fake browser updates 17/10/2023 at 13:32 By Zeljka Zorz ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the SocGholish “malware delivery via fake browser updates” campaigns, Sekoia researchers have concluded. About ClearFake ClearFake

React to this headline:

Researchers warn of increased malware delivery via fake browser updates Read More »

EtherHiding: Hackers create novel way to hide malicious code in blockchains

BNB Chain, BSC Chain, hackers, Malware, scams, smart contracts, WordPress / SecurityTicks

EtherHiding: Hackers create novel way to hide malicious code in blockchains 16/10/2023 at 09:04 By Cointelegraph By Martin Young Threat actors have worked out a way to hide malicious payloads in Binance smart contracts to lure victims into updating their browsers from fake prompts, according to cybersecurity researchers. This article is an excerpt from Cointelegraph.com

React to this headline:

EtherHiding: Hackers create novel way to hide malicious code in blockchains Read More »

Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin

backdoor, Malware & Threats, WordPress / SecurityTicks

Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin 12/10/2023 at 17:50 By Ionut Arghire A backdoor deployed on a compromised WordPress website poses as a legitimate plugin to hide its presence. The post Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin Read More »

Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites

Malware & Threats, WordPress / SecurityTicks

Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites 09/10/2023 at 19:16 By Eduard Kovacs Recently patched TagDiv Composer plugin vulnerability exploited to hack thousands of WordPress sites as part of the Balada Injector campaign. The post Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites appeared first on

React to this headline:

Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites Read More »