Security News

Free trojanized WordPress themes lead to widespread compromise of web servers
2020-02-19 15:28

Over 20,000 web servers have been compromised via trojanized WordPress themes to deliver malware through malicious ads, Prevailion researchers have discovered. The attackers are taking advantage of the widespread use of the WordPress content management system, an increased demand for premium themes and victims' lack of security awareness to get them to unknowingly compromise their own web servers.

WordPress plugin hole could have allowed attackers to wipe websites
2020-02-19 11:21

A WordPress plugin with over 100,000 active installations had a hole which could have allowed unauthorised attackers to wipe its users' blogs clean, it emerged this week. ThemeGrill is a WordPress theme developer that publishes its own Demo Importer plugin.

Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin
2020-02-18 17:27

Researchers are urging users of a vulnerable WordPress plugin, ThemeGrill Demo Importer, to update as soon as possible after discovering attackers are actively exploiting a flaw in the plugin. This WordPress plugin helps users import and manage ThemeGrill templates on their sites.

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers
2020-02-17 21:15

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development company ThemeGrill.

Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin
2020-02-17 15:44

A serious vulnerability found in a WordPress themes plugin with over 200,000 active installations can be exploited to wipe a website's database and gain administrator access to the site. ThemeGrill Demo Importer is a popular plugin that allows WordPress website administrators to import demo content, widgets and settings for ThemeGrill themes.

Severe vuln in WordPress plugin Profile Builder would happily hand anyone the keys to your kingdom
2020-02-17 14:46

A vulnerability in a popular WordPress user role plugin lets any random person create an admin-level account on targeted websites. The bug in Profile Builder was given a CVSS score of 10.0 by WordPress security biz Wordfence, though precise details of the bug are not yet available on the usual CVE-tracking websites.

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers
2020-02-17 13:15

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development company ThemeGrill.

Critical WordPress Plugin Bug Afflicts 700K Sites
2020-02-13 20:21

A popular WordPress plugin, which helps make websites compliant with the General Data Protection Regulation, has issued fixes for a critical flaw. The plugin, GDPR Cookie Consent, which helps businesses display cookie banners to show that they are compliant with the EU's privacy regulation, has more than 700,000 active installations - making it a ripe target for attackers.

200K WordPress Sites Vulnerable to Plugin Flaw
2020-01-30 21:49

A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question is Code Snippets, which allows users to run small chunks of PHP code on their websites.

Flaw in 'Code Snippets' Plugin Exposed Many WordPress Sites to Attacks
2020-01-30 16:23

Popular WordPress plugin Code Snippets recently received a patch for a high-severity vulnerability that can be exploited to take control of affected websites. The Code Snippets plugin, which has over 200,000 installations, provides admins with a graphical interface to run PHP code on their WordPress-powered websites by removing the need to add custom snippets to the theme's functions.