28 Oct 2021

WordPress Plugin Bug Lets Subscribers Wipe Sites

A new flaw has been discovered in a popular WordPress plugin called Hashthemes Demo Importer. The vulnerability allows any authenticated user to wipe a vulnerable WordPress site completely clean, deleting all content and uploaded media. The plugin boasts more than 8,000 active installations. According to security researchers at Wordfence, the

Read More
10 Nov 2020

Critical privilege escalation bugs squashed in WordPress Ultimate Member plugin

WordPress has patched a critical privilege escalation vulnerability discovered in the popular plugin Ultimate Member. WordPress is urging its customers to implement the security update as soon as possible to avoid heightened risks of cyberattacks exploiting the flaw. The plugin has 100,000 active installations spanning thousands of different website types

Read More
13 Mar 2020

WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites

WordPress is facing more vulnerabilities, this time in its Popup Builder plugin. The flaw allows unauthenticated attackers to inject malicious JavaScript into popups, which can then affect tens of thousands of websites and allow the attacker to steal information and take over targeted sites in the worst-case scenario. The plugin

Read More
20 Feb 2020

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

A zero-day vulnerability in a WordPress plugin is being exploited by hackers. The plugin was made by ThemeREX, a company that sells commercial WordPress themes. Security firm Wordfence discovered the attacks yesterday, stating that the plugin is installed on over 40,000 sites. According to the firm, the plugin sets up

Read More