Security News

Hackers exploit critical RCE flaw in Bricks WordPress site builder
2024-02-19 17:55

Hackers are actively exploiting a critical remote code execution flaw impacting the Bricks Builder Theme to run malicious PHP code on vulnerable sites. The Bricks Builder Theme is a premium WordPress theme described as an innovative, community-driven visual site builder.

Hackers target WordPress database plugin active on 1 million sites
2024-01-25 14:15

Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. Better Search Replace is a WordPress plugin with more than one million installations that helps with search and replace operations in databases when moving websites to new domains or servers.

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
2024-01-15 07:45

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the...

Over 150k WordPress sites at takeover risk via vulnerable plugin
2024-01-11 21:54

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site's authentication. Based on statistics from wordpress.org, there are roughly 150,000 sites that run a vulnerable version of the plugin that is lower than 2.8.

New Balada Injector campaign infects 6,700 WordPress sites
2024-01-11 17:44

A little over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin have been infected with the Balada Injector malware in a campaign that launched in mid-December. Initially documented by researchers at Dr. Web who observed coordinated attack waves leveraging known flaws in WordPress themes and addons, it was later discovered that Balada Injector was a massive operation running since 2017 that had compromised more than 17,000 WordPress sites.

Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
2023-12-22 16:47

Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming...

WordPress hosting service Kinsta targeted by Google phishing ads
2023-12-17 23:46

WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials. Kinsta says the phishing attacks aim to steal login credentials for MyKinsta, a key service the company offers to manage WordPress and other cloud-based apps.

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin
2023-12-11 22:46

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. The security bug was discovered by a team of bug hunters known as Nex Team, who reported it to WordPress security firm Wordfence under a recently launched bug bounty program.

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability
2023-12-08 09:23

WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable...

WordPress fixes POP chain exposing websites to RCE attacks
2023-12-07 20:10

WordPress is a highly popular open-source content management system used for creating and managing websites. The project's security team discovered a Property Oriented Programming chain vulnerability that was introduced in WordPress core 6.4, which under certain conditions could allow arbitrary PHP code execution.