wordpress – Search.AI.Wiki

Balada Injector still at large – new domains discovered

The Balada Injector is still at large and still evading security software by utilizing new domain names and using new obfuscation.

During a routine web monitoring operation, we discovered an address that led us down a rabbit hole of WordPress-orientated …

Three flaws in Ninja Forms plugin for WordPress impact 900K sites

Experts warn of vulnerabilities impacting the Ninja Forms plugin for WordPress that could be exploited for escalating privileges and data theft.

The Ninja Forms plugin for WordPress is affected by multiple vulnerabilities (tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393) that can …

Hacking campaign targets sites using WordPress WooCommerce Payments Plugin

Threat actors are actively exploiting a critical flaw, tracked as CVE-2023-28121, in the WooCommerce Payments WordPress plugin.

Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2023-28121 (CVSS score: 9.8), in the WooCommerce Payments WordPress plugin.

The …

Indexing Over 15 Million WordPress Websites with PWNPress

Sicuranex’s PWNPress platform indexed over 15 million WordPress websites, it collects data related to vulnerabilities and misconfigurations

Leveraging the extensive Common Crawl dataset and pushing the boundaries of data analysis, cybersecurity firm Sicuranex successfully indexed over 15 million WordPress websites …

WordPress plugin installed on 1 million+ sites logged plaintext passwords

Enlarge (credit: Getty Images)

All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them in a database accessible to website

…

WordPress plugin installed on 1 million+ sites logged plaintext passwords

Enlarge (credit: Getty Images)

…

WordPress sites using the Ultimate Member plugin are under attack

Threat actors are exploiting a critical WordPress zero-day in the Ultimate Member plugin to create secret admin accounts.

Hackers are actively exploiting a critical unpatched WordPress Plugin flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), to create secret admin accounts.

Ultimate …

miniOrange’s WordPress Social Login and Register plugin was affected by a critical auth bypass bug

A critical authentication bypass flaw in miniOrange’s WordPress Social Login and Register plugin, can allow gaining access to any account on a site.

Wordfence researchers discovered an authentication bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin, that can …

Unveiling the Balada injector: a malware epidemic in WordPress

Learn the shocking truth behind the Balada Injector campaign and find out how to protect your organization from this relentless viral invasion.

A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins — …

Unveiling the Balada injector: a malware epidemic in WordPress

Learn the shocking truth behind the Balada Injector campaign and find out how to protect your organization from this relentless viral invasion.

A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins — …

A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

Experts warn of an unauthenticated privilege escalation flaw in the popular Essential ‘Addons for Elementor’ WordPress plugin.

Essential ‘Addons for Elementor’ WordPress plugin is a collection of 90+ creative elements and extensions Enhance that allow admins to enhance Elementor page building …

WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks

A reflected cross-site scripting vulnerability is the Advanced Custom Fields plugin for WordPress exposed over 2 million sites to hacking.

Assetnote researchers discovered a reflected cross-site scripting vulnerability, tracked as CVE-2023-29489 (CVSS score: 6.1), in the Advanced Custom Fields plugin …

Abandoned Eval PHP WordPress plugin abused to backdoor websites

Threat actors were observed installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment.

Researchers from Sucuri warned that threat actors are installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment.

The Eval …

Hackers exploit WordPress plugin flaw that gives full control of millions of sites

Enlarge (credit: Getty Images)

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said.

The vulnerability, which carries a severity rating of

…