Tag: wordpress
-
WordPress phishing plugin drives online shopping fraud
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/wordpress-phishing-plugin-drives-online-shopping-fraud
-
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data
in SecurityNews
Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks. It enables attackers to create convincing replicas of legitimate payment gateways, such as Stripe, on compromised or fraudulent WordPress websites. By seamlessly integrating with Telegram, PhishWP facilitates real-time data exfiltration, including credit card details, personal information, and even 3DS authentication codes. This…
-
PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts
in SecurityNews
The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.
First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/phishwp-plugin-hijacks-wordpress-e-commerce-checkouts
-
Russian hackers turn trusted online stores into phishing pages
in SecurityNews
Tags: breach, credentials, credit-card, cybercrime, cybersecurity, data, email, finance, hacker, phishing, risk, russia, service, tactics, theft, threat, wordpress
In a smart campaign, Russian cybercriminals are turning trusted online stores into phishing pages that capture sensitive details through convincing payment interfaces. According to research by the cybersecurity firm SlashNext, the Russian miscreants have built a WordPress plugin, PhishWP, which creates fake payment pages that look like trusted services, such as Stripe. “WordPress is one of…
-
Beware of PhishWP: New WordPress Plugin Targets Online Shoppers
in SecurityNews
Tags: wordpress
Imagine browsing a seemingly legitimate e-commerce site, entering your payment details, and confidently completing a purchase, only to
First seen on securityonline.info Jump to article: securityonline.info/beware-of-phishwp-new-wordpress-plugin-targets-online-shoppers/
-
New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages
in SecurityNews
SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data.
First seen on hackread.com Jump to article: hackread.com/phishwp-plugin-russian-hacker-forum-phishing-sites/
-
WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps
in SecurityNews
A WordPress plugin known as PhishWP has been discovered on Russian cybercrime forums and is being exploited by cybercriminals to steal sensitive data from unsuspecting users.
First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/wordpress-plugin-exploited-to-turn-legitimate-sites-into-phishing-traps/
-
Meet PhishWP The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps
in SecurityNews
One morning, you decide to make a purchase from a seemingly reputable online store. The website displays a familiar checkout interface resembling Stripe’s payment process. You enter your payment details, feeling confident in the website’s legitimacy: credit card number, expiration date, CVV, billing address. You even enter a one-time password (OTP) sent to your phone,…
-
WordPress Plugin Vulnerability Exposes 3 Million Websites to Injection Attacks
in SecurityNews
A critical vulnerability has been identified in the popular UpdraftPlus: WP Backup & Migration Plugin, potentially impacting over 3 million WordPress websites. This security flaw allows unauthenticated attackers to exploit a PHP Object Injection vulnerability through deserialization of untrusted input. The issue affects all versions of the plugin up to and including 1.24.11. A patch…
-
Premium WPLMS WordPress plugins address seven critical flaws
in SecurityNews
Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/premium-wplms-wordpress-plugins-address-seven-critical-flaws/
-
Critical flaw in WordPress plugin exploited to install malicious software
First seen on scworld.com Jump to article: www.scworld.com/brief/critical-flaw-in-wordpress-plugin-exploited-to-install-malicious-software
-
390,000 WordPress credentials compromised via phishing, GitHub repos
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/390000-wordpress-credentials-compromised-via-phishing-github-repos
-
Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys
in SecurityNews
Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…
First seen on hackread.com Jump to article: hackread.com/hackers-fake-pocs-github-wordpress-credentials-aws-keys/
-
390,000 WordPress accounts stolen from hackers in supply chain attack
in SecurityNews
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/390-000-wordpress-accounts-stolen-from-hackers-in-supply-chain-attack/
-
Hacker Uses Info-Stealer Against Security Pros, Other Bad Actors
in SecurityNews
An unknown hacker called MUT-1244 used information-stealing malware to not only grab sensitive data from cybersecurity professionals but also to steal WordPress credentials from other bad actors who had bought them on the dark web.
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/hacker-uses-info-stealer-against-security-pros-other-bad-actors/
-
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
in SecurityNews
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog…
-
Critical WordPress plugin vulnerability under active exploit threatens thousands
in SecurityNews
Vulnerability with severity rating of 9.8 out of possible 10 still live on >8,000 sites.
First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/12/thousands-of-sites-remain-unpatched-against-actively-exploited-wordpress-plugin-bug/
-
Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites
in SecurityNews
Two vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins allow attackers to backdoor websites. The post Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites appeared first on SecurityWeek.
First seen on securityweek.com Jump to article: www.securityweek.com/hunk-companion-wp-query-console-vulnerabilities-chained-to-hack-wordpress-sites/
-
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
in SecurityNews
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. “This flaw poses a…
-
Hunk Companion WordPress plugin exploited to install vulnerable plugins
in SecurityNews
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunk-companion-wordpress-plugin-exploited-to-install-vulnerable-plugins/
-
WPForms bug allows Stripe refunds on millions of WordPress sites
in SecurityNews
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wpforms-bug-allows-stripe-refunds-on-millions-of-wordpress-sites/
-
CVE-2024-11205: WPForms Plugin Vulnerability Exposes 6 Million WordPress Sites to Financial Risk
in SecurityNews
A critical vulnerability, identified as CVE-2024-11205, was discovered in the WPForms plugin, a popular WordPress form builder used by over 6 million active websites. This vulnerability, which has been assigned a high CVSS score of 8.5, targets businesses relying on WPForms for payment processing and subscription management, especially those using Stripe integration.
First seen on…
-
WPForms plug-in tears security hole in 6 million websites
in SecurityNews
Tags: wordpress
In the WordPress plug-in WPForms, attackers can abuse a flaw to, for example, reverse payments. Six million websites use the plug-in.
First seen on heise.de Jump to article: www.heise.de/news/Wordpress-WPForms-Plug-in-reisst-Sicherheitsleck-in-6-Millionen-Webseiten-10193387.html
-
More than 200,000 sites affected: This WordPress plugin has critical security vulnerabilities
in SecurityNews
Tags: wordpress
First seen on t3n.de Jump to article: t3n.de/news/20000-seiten-wordpress-sicherheitsgefahrt-1660835/
-
Security risk in WordPress: Popular anti-spam plugin turns out to be a gateway for hackers
in SecurityNews
First seen on t3n.de Jump to article: t3n.de/news/wordpress-gefahrt-plugin-anti-spam-cleantalk-1660835/
-
WordPress websites targeted by a new FakeUpdates campaign
in SecurityNews
FakeUpdates, also known as SocGholish, has been active since at least 2017 and uses JavaScript malware to attack websites, especially those…
First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wordpress-websites-im-visier-einer-neuen-fakeupdates-kampagne/a36764/
-
Hackers gain full website access: Popular WordPress plugin has dangerous vulnerabilities
in SecurityNews
First seen on t3n.de Jump to article: t3n.de/news/hacker-wordpress-plugin-schwachstelle-1660835/
-
Security vulnerability in WordPress: Millions of websites affected
in SecurityNews
Security researchers have found a new security vulnerability in a WordPress plugin and published their findings. Hackers are now searching for…
First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/sicherheitslucke-bei-wordpress-millionen-webseiten-betroffen