Tag: wordpress
-
Critical flaw in WordPress plugin exploited to install malicious software
First seen on scworld.com Jump to article: www.scworld.com/brief/critical-flaw-in-wordpress-plugin-exploited-to-install-malicious-software
-
390,000 WordPress credentials compromised via phishing, GitHub repos
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/390000-wordpress-credentials-compromised-via-phishing-github-repos
-
Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys
in SecurityNews
SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified… First seen on hackread.com Jump to article: hackread.com/hackers-fake-pocs-github-wordpress-credentials-aws-keys/
-
390,000 WordPress accounts stolen from hackers in supply chain attack
in SecurityNews
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/390-000-wordpress-accounts-stolen-from-hackers-in-supply-chain-attack/
-
Hacker Uses Info-Stealer Against Security Pros, Other Bad Actors
in SecurityNews
An unknown hacker called MUT-1244 used information-stealing malware to not only grab sensitive data from cybersecurity professionals but also to steal WordPress credentials from other bad actors who had bought them on the dark web. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/hacker-uses-info-stealer-against-security-pros-other-bad-actors/
-
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
in SecurityNews
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog…
-
Critical WordPress plugin vulnerability under active exploit threatens thousands
in SecurityNews
Vulnerability with severity rating of 9.8 out of possible 10 still live on >8,000 sites. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/12/thousands-of-sites-remain-unpatched-against-actively-exploited-wordpress-plugin-bug/
-
Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites
in SecurityNews
Two vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins allow attackers to backdoor websites. The post Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hunk-companion-wp-query-console-vulnerabilities-chained-to-hack-wordpress-sites/
-
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
in SecurityNews
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. “This flaw poses a…
-
Hunk Companion WordPress plugin exploited to install vulnerable plugins
in SecurityNews
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunk-companion-wordpress-plugin-exploited-to-install-vulnerable-plugins/
-
WPForms bug allows Stripe refunds on millions of WordPress sites
in SecurityNews
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wpforms-bug-allows-stripe-refunds-on-millions-of-wordpress-sites/
-
CVE-2024-11205: WPForms Plugin Vulnerability Exposes 6 Million WordPress Sites to Financial Risk
in SecurityNews
A critical vulnerability, identified as CVE-2024-11205, was discovered in the WPForms plugin, a popular WordPress form builder used by over 6 million active websites. This vulnerability, which has been assigned a high CVSS score of 8.5, targets businesses relying on WPForms for payment processing and subscription management, especially those using Stripe integration. First seen on…
-
WPForms plug-in tears security hole in 6 million websites
in SecurityNews
Tags: wordpress
In the WordPress plug-in WPForms, attackers can abuse a flaw to reverse payments, for example. Six million websites use the plug-in. First seen on heise.de Jump to article: www.heise.de/news/Wordpress-WPForms-Plug-in-reisst-Sicherheitsleck-in-6-Millionen-Webseiten-10193387.html
-
More than 200,000 sites affected: this WordPress plugin has critical security vulnerabilities
in SecurityNews
Tags: wordpress
First seen on t3n.de Jump to article: t3n.de/news/20000-seiten-wordpress-sicherheitsgefahrt-1660835/
-
Security risk in WordPress: popular Anti-Spam plugin turns out to be a gateway for hackers
in SecurityNews
First seen on t3n.de Jump to article: t3n.de/news/wordpress-gefahrt-plugin-anti-spam-cleantalk-1660835/
-
WordPress websites in the crosshairs of a new FakeUpdates campaign
in SecurityNews
FakeUpdates, also known as SocGholish, has been active since at least 2017 and uses JavaScript malware to attack websites, especially such… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wordpress-websites-im-visier-einer-neuen-fakeupdates-kampagne/a36764/
-
Hackers get full website access: popular WordPress plugin has dangerous vulnerabilities
in SecurityNews
First seen on t3n.de Jump to article: t3n.de/news/hacker-wordpress-plugin-schwachstelle-1660835/
-
Security vulnerability in WordPress: millions of websites affected
in SecurityNews
Security researchers have found a new security vulnerability in a WordPress plugin and published their findings. Now hackers are looking for… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/sicherheitslucke-bei-wordpress-millionen-webseiten-betroffen
-
WordPress plug-in logs passwords in plain text
in SecurityNews
The All-In-One Security (AIOS) WordPress plug-in is in use on more than one million websites. It now turns out that the plug-in user passw… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/wordpress-plug-in-loggt-passworter-im-klartext
-
WordPress host Kinsta plagued by phishing ads
in SecurityNews
The WordPress hosting provider Kinsta is warning its customers about Google ads that promote phishing sites through which login credentials for MyKinsta are sto… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/wordpress-hoster-kinsta-von-phishing-anzeigen-geplagt
-
Security vulnerability in WordPress plugin threatens more than 300,000 websites
in SecurityNews
The WordPress plugin Forminator, which is found on over 500,000 websites, has a vulnerability that allows attackers unrestricted file-… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/sicherheitslucke-in-wordpress-plugin-bedroht-mehr-als-300-000-webseiten
-
WordPress to increase security from October
in SecurityNews
WordPress is to become more secure. From October, plug-in and theme authors are therefore held to two-factor authentication (2FA) and the use of Subv… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/wordpress-erhoht-ab-oktober-die-sicherheit
-
Widespread WordPress compromise possible with critical plugin flaws
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-wordpress-compromise-possible-with-critical-plugin-flaws
-
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
in SecurityNews
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in…
-
200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability
in SecurityNews
A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which is installed on over 200,000 websites. The vulnerability, which includes two distinct flaws (CVE-2024-10542 and CVE-2024-10781), could allow attackers to install and activate arbitrary plugins on affected websites, potentially leading to remote code execution and full site compromise. Website owners…
-
Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites
in SecurityNews
Two vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin allowed attackers to execute arbitrary code remotely. The post Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-vulnerabilities-found-in-anti-spam-plugin-used-by-200000-wordpress-sites/
-
WordPress plug-in Anti-Spam by Cleantalk puts 200,000 sites at risk
in SecurityNews
The WordPress plug-in Anti-Spam by Cleantalk has two security vulnerabilities at once, through which unauthenticated attackers can compromise instances. First seen on heise.de Jump to article: www.heise.de/news/Wordpress-Plug-in-Anti-Spam-by-Cleantalk-gefaehrdet-200-000-Seiten-10175993.html
-
WordPress forces user conf organizers to share social media credentials, arousing suspicions
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/10/28/wordcamp_password_sharing_requirement/
-
WordPress Plug-In Vulnerability Threatens 4 Million Sites
in SecurityNews
Critical Authentication Flaw Impacts Both Free and Pro Users. A widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/wordpress-plug-in-vulnerability-threatens-4-million-sites-a-26843