WordPress Updates More Than a Million Sites to Fix Critical Ninja Forms Vulnerability
Content management system (CMS) provider WordPress has updated over one million sites to patch a critical vulnerability that affects a popular plugin known as Ninja Forms. Wordfence threat intelligence allegedly detected the flaw in June and reported it to the company. The details were explained in an advisory
Elementor Fixes Critical Bug in Popular WordPress Plugin
Elementor, a popular WordPress plugin, has received a critical update that patches a vulnerability that could be leveraged by attackers to change the appearance of websites. Elementor functions as a website building plugin, enabling users to easily create websites for themselves or their business without having to write code. Elementor
Vulnerability found in WordPress plugin with over 3 million installations
Cybersecurity researchers at Wordfence have warned that a vulnerability in a WordPress plugin has been detected. The plugin reportedly boasts over 3 million installations, and the vulnerability was first discovered by security researcher Marc Montpas. Wordfence released a blog post explaining the vulnerability and how it allows any logged-in user,
WordPress Plugin Bug Lets Subscribers Wipe Sites
A new flaw has been discovered in a popular WordPress plugin called Hashthemes Demo Importer. The vulnerability allows any authenticated user to wipe a vulnerable WordPress site completely clean, deleting all content and uploaded media. The plugin boasts more than 8,000 active installations. According to security researchers at Wordfence, the
Critical Zero-Day in WordPress Plugin Under Active Attack
Security researchers have warned that a new critical zero-day vulnerability in a WordPress plugin has been found to be actively exploited in the wild. The plugin, called the Fancy Product Designer, is installed on roughly 17,000 sites, according to Wordfence security experts. The tool allows users to upload images and
Severe Flaws in Official ‘Facebook for WordPress’ Plugin
Security researchers have discovered critical vulnerabilities in the official Facebook for WordPress plugin, finding that they can be abused to upload arbitrary files which would likely lead to remote code execution. Wordfence researchers recently released a warning advising users to exercise caution and to implement Facebook’s patch as soon as
Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws
Attackers are currently targeting WordPress users who have not implemented patches to their plugins. Thrive Themes, a company that offers various products connected to WordPress, recently released patches for vulnerabilities within its services. However, researchers found that users who have failed to implement the fixes are being actively targeted by
Pirated themes and plugins are the most widespread threat to WordPress sites
With more than 70 million malicious files on more than 1.2 million WordPress sites over the past year, pirated themes and plugins were the most common source of malware infections on sites. Wordfence, a provider of website application firewall solutions for sites operating over WordPress, detected the massive amount of
Critical privilege escalation bugs squashed in WordPress Ultimate Member plugin
WordPress has patched a critical privilege escalation vulnerability discovered in the popular plugin Ultimate Member. WordPress is urging its customers to implement the security update as soon as possible to avoid heightened risks of cyberattacks exploiting the flaw. The plugin has 100,000 active installations spanning thousands of different website types
WordPress Plugin Flaw Allows Attackers to Forge Emails
More than 100,000 WordPress sites are subject to a critical flaw that lies in a plugin service called Email Subscribers and Newsletters by Icegram. The plugin, which contains the high-severity flaw, allows websites to send out emails and newsletters to subscribers securely and efficiently; however, it is now being exploited