Security News > 2024 > November > Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
2024-11-26 13:23
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions
News URL
https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks (source)
- Critical zero-days impact premium WordPress real estate plugins (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)