WordPress Plugin Weaponizes Legit Sites To Steal Customer Payment Data
PhishWP, a newly discovered WordPress plugin, is being used by cybercriminals to maliciously convert legitimate websites into phishing traps, putting user data at risk.
Cybercriminals created the WordPress plugin PhishWP. It generates fake payment pages...
WordPress To Mandate 2FA for Theme And Plugin Developers
Beginning on October 1st, 2024, WordPress will mandate two-factor authentication (2FA) for plugin and theme creators as a new security measure.
Themes and plugins that are used by millions of WordPress websites worldwide can be...
.webp?w=324&resize=324,235&ssl=1 "WordPress Plugin Flaw Exposes 1,000,000 WordPress Sites to Remote Code Attacks")
WordPress Plugin Flaw Exposes 1,000,000 WordPress Sites to Remote Code Attacks
A vulnerability in the WPML (WordPress Multilingual) plugin has put over a million WordPress sites at risk of remote code execution (RCE) attacks.
This flaw allows authenticated users with contributor-level access or higher to...
%20(1).webp?w=324&resize=324,235&ssl=1 "WordPress Plugin Flaw Let Attackers Seize Administrative Control")
WordPress Plugin Flaw Let Attackers Seize Administrative Control
A critical vulnerability has been discovered in the popular Profile Builder and Profile Builder Pro plugins, with over 50,000 active installations.
The flaw, identified during a routine audit of various WordPress plugins, allows unauthenticated attackers...
.webp?w=324&resize=324,235&ssl=1 "WordPress Calendar Plugin RCE Flaw Exposes 150,000 Sites for Hacking")
WordPress Calendar Plugin RCE Flaw Exposes 150,000 Sites for Hacking
A security flaw was discovered in the Modern Events Calendar, a widely used WordPress plugin with over 150,000 active installations.
The vulnerability, identified as an Arbitrary File Upload flaw, allows authenticated users, such as...
WordPress Releases Urgent Security Update to Patch XSS and Path Traversal Flaws
WordPress has released an urgent security update, version 6.5.5, addressing critical vulnerabilities that could potentially compromise the security of millions of websites.
This minor release, which also includes three bug fixes in the core,...
Hackers Exploit Litespeed Plugin Flaw To Create Rogue Admin Accounts
WordPress plugins make WordPress more useful, but most have flaws that hackers may try to exploit to get unauthorized entry or introduce malicious code.
The popularity and widespread use of common plugins make them an...
%20(1).webp?w=324&resize=324,235&ssl=1 "Yoast SEO Plugin XSS Flaw Exposes 5 Million+ WordPress Websites to Attack")
Yoast SEO Plugin XSS Flaw Exposes 5 Million+ WordPress Websites to Attack
A critical cross-site scripting (XSS) vulnerability has been discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5 million websites at risk of compromise.
The flaw was found by security researcher Bassem Essam...
Hackers Actively Exploiting WP Automatic Updates Plugin Vulnerability
Hackers often target WordPress plugins as they have security loopholes that they can exploit to hack into sites without permission.
Once they have found them, threat actors can insert corrupted scripts into these loopholes to...
.webp?w=324&resize=324,235&ssl=1 "WordPress Responsive Theme Flaw Let Attackers Inject Malicious HTML Scripts")
WordPress Responsive Theme Flaw Let Attackers Inject Malicious HTML Scripts
A vulnerability was identified in the WordPress theme, "Responsive," allowing attackers to inject arbitrary HTML content into websites.
This flaw, as CVE-2024-2848, poses a severe risk to website integrity and user safety.
CVE-2024-2848 - Arbitrary...
Recent Posts
CyTwist Launches Advanced Security Solution to identify AI-Driven Cyber Threats in...
CyTwist, a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware.
The cybersecurity...