Tag: wordpress
-
Smashing Security podcast #389: WordPress vs WP Engine, and the Internet Archive is down
WordPress’s emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege from hackers. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-389/
-
Jetpack patches critical bug that exposed data on 27M WordPress sites
First seen on scworld.com Jump to article: www.scworld.com/news/jetpack-patches-critical-bug-that-exposed-data-on-27m-wordpress-sites
-
WordPress plugin Jetpack fixes nearly decade-old critical security flaw
First seen on therecord.media Jump to article: therecord.media/wordpress-jetpack-plugin-fixes-flaw
-
WP Engine Accuses WordPress of ‘Forcibly’ Taking Over Its Plug-in
WordPress moves could have security implications for sites using Advanced Custom Fields plug-in. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/wp-engine-accuses-wordpress-forcibily-taking-over-plug-in
-
Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack
Automattic has rolled out updates for 101 Jetpack versions released over the past eight years to resolve a critical vulnerability. The post Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-vulnerability-patched-in-101-releases-of-wordpress-plugin-jetpack/
-
WordPress Jetpack plugin critical flaw impacts 27 million sites
WordPress Jetpack plugin issued an update to fix a critical flaw allowing logged-in users to view form submissions by others on the same site. The maintainers of the WordPress Jetpack plugin have addressed a critical vulnerability that could allow logged-in users to access forms submitted by other users on the same site. Jetpack is a…
-
Millions at Risk: Jetpack Plugin Patches Critical Vulnerability
The Jetpack WordPress plugin, developed by Automattic, has recently rolled out a crucial security update to address a vulnerability that impacts approximately 27 million websites. This Jetpack vulnerability allows logged-in users to access submitted forms on sites utilizing the plugin, posing potential privacy risks for users and site owners. First seen on thecyberexpress.com Jump to…
-
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic growth.…
-
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/jetpack-fixes-critical-information-disclosure-flaw-existing-since-2016/
-
WordPress saga escalates as WP Engine plugin forcibly forked and legal letters fly
WP Engine seems to be excluded from sponsoring events, too. First seen on theregister.com Jump to article: www.theregister.com/2024/10/14/wordpress_forks_wpengine_plugin/
-
WordPress plug-in: Yet another serious security vulnerability in Litespeed Cache
A serious vulnerability in the WordPress plug-in Litespeed Cache lurks on more than six million websites. An update is available. First seen on heise.de Jump to article: www.heise.de/news/Wordpress-Plug-in-Abermals-gravierende-Sicherheitsluecke-in-Litespeed-Cache-9975165.html
-
Single HTTP Request Can Exploit 6M WordPress Sites
The popular LiteSpeed Cache plug-in is vulnerable to unauthenticated privilege escalation via a dangerous XSS flaw. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/single-http-request-exploit-6m-wordpress
-
Security Affairs newsletter Round 492 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress LiteSpeed Cache plugin flaw could allow site takeover Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session…
-
WordPress LiteSpeed Cache plugin flaw could allow site takeover
A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions. A high-severity security flaw, tracked as CVE-2024-47374 (CVSS score 7.2), in the LiteSpeed Cache plugin for WordPress could allow attackers to execute arbitrary JavaScript. The vulnerability is a stored cross-site scripting (XSS) issue impacting versions…
-
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including…
-
Unsecured WordPress folder exposes ChoiceDNA records
First seen on scworld.com Jump to article: www.scworld.com/brief/unsecured-wordpress-folder-exposes-choicedna-records
-
Facial DNA provider leaks biometric data via WordPress folder
ChoiceDNA exposed 8,000 sensitive records, including biometric images, personal details, and facial DNA data in an unsecured WordPress… First seen on hackread.com Jump to article: hackread.com/facial-dna-provider-leak-biometric-data-wordpress-folder/
-
Millions of websites at risk: LiteSpeed Cache plugin with new vulnerability
First seen on security-insider.de Jump to article: www.security-insider.de/wordpress-plugin-litespeed-cache-sicherheits-update-a-ab0af2fba3fc00ee07a5fd8e25b95239/
-
WordPress websites targeted by a new FakeUpdates campaign
FakeUpdates, also known as SocGholish, has been active since at least 2017 and uses JavaScript malware to attack websites, especially those… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wordpress-websites-im-visier-einer-neuen-fakeupdates-kampagne/a36764/
-
Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthentica… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/critical-security-flaw-found-in.html
-
WordPress host Kinsta plagued by phishing ads
The WordPress hosting provider Kinsta is warning its customers about Google ads that promote phishing sites through which login credentials for MyKinsta are sto… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/wordpress-hoster-kinsta-von-phishing-anzeigen-geplagt
-
Security vulnerability in WordPress plugin threatens more than 300,000 websites
The WordPress plugin Forminator, which is found on more than 500,000 websites, has a vulnerability that allows attackers to [perform] unrestricted file… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/sicherheitslucke-in-wordpress-plugin-bedroht-mehr-als-300-000-webseiten
-
WordPress plug-in LiteSpeed Cache vulnerable again
First seen on heise.de Jump to article: www.heise.de/news/WordPress-Plug-in-LiteSpeed-Cache-erneut-angreifbar-9859538.html
-
WordPress plugin and theme developers told they must use 2FA
Starting October 1, WordPress plugin and theme developers must enable 2FA. This move aims to boost security and help prevent supply-chain attacks from targeting millions of websites. Source: www.tripwire.com/state-of-security/wordpress-plugin-and-theme-developers-told-they-must-use-2fa
-
WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024. “Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide,”…
-
WordPress to increase security from October
WordPress is to become more secure. Plug-in and theme authors must therefore enable two-factor authentication (2FA) and the use of Subversion (SVN)-specific passwords starting in October. Source: www.8com.de/cyber-security-blog/wordpress-erhoht-ab-oktober-die-sicherheit
-
WordPress Mandates 2FA, SVN Passwords for Plugin, Theme Authors
First seen on hackread.com Jump to article: hackread.com/wordpress-2fa-svn-passwords-plugin-theme-authors/
-
DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress
Cybersecurity researchers from QiAnXin have uncovered an advanced malware campaign named DarkCracks, which exploits vulnerabilities in compromised GLP… First seen on securityonline.info Jump to article: securityonline.info/darkcracks-a-new-stealthy-malware-framework-exploiting-glpi-and-wordpress/
-
LiteSpeed Cache Bug Could Impact Multiple WordPress Sites
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/litespeed-cache-bug-could-impact-multiple-wordpress-sites