Security News

Hackers target WordPress calendar plugin used by 150,000 sites
2024-07-09 17:21

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and...

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
2024-06-26 08:37

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to...

Compromised plugins found on WordPress.org
2024-06-26 08:32

An unknown threat actor has compromised five WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. The backdoored plugins have collectively been downloaded by 35,000+ WordPress users.

Plugins on WordPress.org backdoored in supply chain attack
2024-06-25 19:25

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. Although it is possible that the attack impacts a larger number of WordPress plugins, current evidence suggests that the compromise is limited to the aforementioned set of five.

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts
2024-06-25 03:32

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected...

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
2024-05-30 13:49

Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts...

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
2024-05-28 06:30

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign,...

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
2024-05-08 07:03

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from...

Hackers exploit LiteSpeed Cache flaw to create WordPress admins
2024-05-07 21:42

Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites. LiteSpeed Cache is advertised as a caching plugin used in over five million WordPress sites that helps speed up page loads, improve visitor experience, and boost Google Search ranking.

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers
2024-05-01 13:41

Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2)...