28 Jan 2021

Pirated themes and plugins are the most widespread threat to WordPress sites

With more than 70 million malicious files on more than 1.2 million WordPress sites over the past year, pirated themes and plugins were the most common source of malware infections to sites. Wordfence, a provider of website application firewall solutions for sites operating over WordPress, detected the massive amount of

Read More
10 Nov 2020

Critical privilege escalation bugs squashed in WordPress Ultimate Member plugin

WordPress has patched a critical privilege escalation vulnerability discovered in the popular plugin Ultimate Member. WordPress is urging its customers to implement the security update as soon as possible to avoid heightened risks of cyberattacks exploiting the flaw. The plugin has 100,000 active installations spanning thousands of different website types

Read More
14 Sep 2020

WordPress Plugin Flaw Allows Attackers to Forge Emails

More than 100,000 WordPress sites are subject to a critical flaw that lies in a plugin service called Email Subscribers and Newsletters by Icegram. The plugin is a high-severity flaw that allows websites to send out emails and newsletters to subscribers securely and efficiently, however, it is now being exploited

Read More
03 Sep 2020

A Critical Flaw Is Affecting Thousands of WordPress Sites

Hackers are currently actively exploiting a vulnerability in WordPress which the threat actors can manipulate to execute malicious commands and scripts on Websites running File Manager. File Manager is a WordPress plugin that has over 700,000 active installations, according to researchers. The security flaw has been patched, however, the first

Read More
05 Aug 2020

Newsletter WordPress Plugin Opens Door to Site Takeover

A WordPress plugin designed to create newsletters and email campaigns within the platform called Newsletter has been downloaded over 300,000 times. However, security researchers recently found that the plugin contains a pair of vulnerabilities that could potentially allow threat actors to achieve a site takeover. One vulnerability is an XSS

Read More
05 Jun 2020

Attackers tried to grab WordPress configuration files from over a million sites

A hacker tried to gather the WordPress configuration files of 1.3 million sites in one month after insertion a backdoor into the sites in early May. The XSS campaigns have been previously reported and sent attacks from over 20,000 different IP addresses. However, this new campaign is using the same

Read More
21 May 2020

Thousands of Israeli sites defaced with code seeking permission to access users’ webcams

A new threat actor group by the name “Hackers of Savoir” has targeted thousands of Israeli websites, defacing them to display an anti-Israeli message and malicious code that requests access to site visitors’ webcams. Researchers believe that more than 2,000 websites have been defaced by the group during the campaign,

Read More
01 Apr 2020

Critical WordPress Plugin Bug Lets Hackers Turn Users Into Admins

A vulnerability has been found in the WordPress SEO Plugin that allows attackers to give admin privileges to any registered users on sites run by WordPress. This leaves 200,000 sites with active installations vulnerable to attack if left unpatched. The plugin, called Rank math, allows website owners to perform search

Read More
13 Mar 2020

WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites

WordPress is facing more vulnerabilities, this time in its Popup Builder plugin. The flaw allows unauthenticated attackers to inject malicious JavaScript into popups, which can then affect tens of thousands of websites and allow the attacker to steal information and take over targeted sites in the worst-case scenario. The plugin

Read More
20 Feb 2020

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

A zero-day vulnerability in a WordPress plugin is being exploited by hackers. The plugin was made by ThemeREX, a company that sells commercial WordPress themes. Security firm Wordfence discovered the attacks yesterday, stating that the plugin is installed on over 40,000 sites. According to the firm, the plugin sets up

Read More