Tag: wordpress
-
Essential Addons for Elementor XSS Vulnerability Discovered
in SecurityNews
Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/elementor-plugin-vulnerability-2m/
-
WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack
in SecurityNews
A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/wordpress-plugin-flaw-exposes/
-
90,000 WordPress Sites Exposed to Local File Inclusion Attacks
in SecurityNews
A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw enables authenticated attackers with contributor-level privileges to execute remote code via chained Local File Inclusion (LFI) and malicious SVG uploads. Discovered by researcher stealthcopter through the Wordfence Bug Bounty Program, the vulnerability…
-
Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website
in SecurityNews
A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm, has intensified its cyber operations through a campaign dubbed BadPilot. This multi-year initiative has targeted critical infrastructure worldwide, expanding the group’s reach beyond its traditional focus on Ukraine and Eastern Europe to include North America, Europe, and Asia-Pacific regions. Exploiting Vulnerabilities…
-
30,000 WordPress Sites Exposed to Exploitation via File Upload Vulnerability
in SecurityNews
A critical security vulnerability in the >>Security & Malware scan by CleanTalk
-
Hackers Exploiting Google Tag Managers to Steal Credit Card from eCommerce Sites
in SecurityNews
In a concerning development, cybercriminals are leveraging Google Tag Manager (GTM), a legitimate tool widely used by eCommerce websites, to deploy malicious scripts designed to steal credit card information. This attack vector, often referred to as Magecart or e-skimming, has been observed targeting platforms like Magento, WordPress, and OpenCart, among others. The abuse of GTM…
-
Campaign exploits outdated WordPress sites to spread password-stealing malware
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/campaign-exploits-outdated-wordpress-sites-to-spread-password-stealing-malware
-
WordPress ASE Plugin Vulnerability Threatens Site Security
in SecurityNews
Patchstack urges admins to patch new WordPress ASE plugin vulnerability that lets users restore previous admin privileges
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/wordpress-ase-plugin-flaw/
-
Malicious WordPress plugin helps steal payment data
in SecurityNews
Cybersecurity experts at Slashnext recently presented their latest find from a Russian cybercrime forum in a blog post: the malicious WordPress plugin . The phishing plugin lets attackers harvest the payment data of online shoppers undetected, in real time and with considerable potential for damage. It can be used both on compromised websites of legitimate e-commerce companies and on […]…
-
Future-Proof Your WordPress Site: Essential Plugins for 2025
in SecurityNews
Tags: wordpress
The digital landscape is constantly growing and evolving. As such, some tips and tricks that worked for websites in 2023 might be obsolete in 2025. For any digital professional, remaining dedicated to top-quality practice that stands the test of time is just the start. This means staying ahead of the curve and leveraging the best…
-
WordPress Plugin Vulnerability Exposes 23k+ Websites to Hacking
in SecurityNews
Researchers from Patchstack have warned that over 23,000 real estate websites using the popular RealHomes WordPress theme and its bundled Easy Real Estate plugin are exposed to critical security vulnerabilities. These vulnerabilities allow unauthenticated attackers to escalate privileges, take over administrator accounts, and compromise websites. Let’s dive into the technical details of these vulnerabilities and…
-
Critical zero-days impact premium WordPress real estate plugins
in SecurityNews
The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/critical-zero-days-impact-premium-wordpress-real-estate-plugins/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 29
in SecurityNews
Tags: ai, attack, credit-card, group, injection, international, malware, ransomware, service, wordpress
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection; Ransomware on ESXi: The mechanization of virtualized attacks; FunkSec Alleged Top Ransomware Group Powered by AI; Abusing AWS Native Services: Ransomware Encrypting S3 Buckets; […]…
-
A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks
in SecurityNews
A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. The WordPress W3 Total Cache plugin is a…
-
WordPress plug-in W3 Total Cache: potentially 1 million websites open to attack
in SecurityNews
Tags: wordpress
If the prerequisites are met, attackers can target websites running the WordPress plug-in W3 Total Cache. A security patch is available.
First seen on heise.de. Jump to article: www.heise.de/news/WordPress-Plug-in-W3-Total-Cache-Potenziell-1-Millionen-Websites-attackierbar-10246228.html
-
WordPress drama latest: Leader Matt Mullenweg exiles five contributors
in SecurityNews
Tags: wordpress
WordPress.org accounts cancelled, dissidents told to fork off
First seen on theregister.com. Jump to article: www.theregister.com/2025/01/14/wordpress_leader_matthew_mullenweg_exiles/
-
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
in SecurityNews
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/wp3xyz-malware-attacks-add-rogue-admins-to-5-000-plus-wordpress-sites/
-
Covert Credit Card Skimmer Takes Aim at WordPress Sites
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/covert-credit-card-skimmer-takes-aim-at-wordpress-sites
-
Malicious WordPress database entry, widget steals credit card info
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/news/malicious-wordpress-database-entry-widget-steals-credit-card-info
-
Credit Card Skimmer campaign targets WordPress via database injection
in SecurityNews
Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. Sucuri researchers warn of a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into CMS database tables. The attackers hide the malicious code in the WordPress wp_options table, injecting obfuscated JavaScript into…
-
Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data
in SecurityNews
Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database. On checkout pages, the malware is designed to steal credit card information from users who are visiting those pages. Whenever the page for the checkout is loaded, the malware examines the URL for the…
-
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
in SecurityNews
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). “This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment First seen on…
-
Fancy Product Designer Plugin Flaws Expose WordPress Sites
in SecurityNews
Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/fancy-product-designer-plugin-flaws/
-
No patch in sight for vulnerability in WordPress plug-in Fancy Product Designer
in SecurityNews
Attacks on WordPress-based online shops using Fancy Product Designer may be imminent.
First seen on heise.de. Jump to article: www.heise.de/news/Zero-Day-Luecke-bedroht-WordPress-Plug-in-Fancy-Product-Designer-10233192.html
-
Unpatched critical flaws impact Fancy Product Designer WordPress plugin
in SecurityNews
Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/unpatched-critical-flaws-impact-fancy-product-designer-wordpress-plugin/
-
WordPress phishing plugin drives online shopping fraud
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/news/wordpress-phishing-plugin-drives-online-shopping-fraud
-
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data
in SecurityNews
Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways, such as Stripe, on compromised or fraudulent WordPress websites. By seamlessly integrating with Telegram, PhishWP facilitates real-time data exfiltration, including credit card details, personal information, and even 3DS authentication codes. This…