Security News

Update now! Popular WordPress plugins have password bypass flaws
2020-01-16 13:47

Researchers have discovered password bypass vulnerabilities affecting two WordPress plugins from a publisher called Revmakx. The first vulnerable plugin is Revmakx's InfiniteWP Client, a tool that allows admins to manage multiple WordPress sites from the same interface.

Critical WordPress Bug Leaves 320,000 Sites Open to Attack
2020-01-15 21:19

Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site's backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers from WebArx who created proof-of-concept attacks to exploit the vulnerability.

Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should
2020-01-15 00:15

A pair of widely used WordPress plugins need to be patched on more than 320,000 websites to close down vulnerabilities that can be exploited to gain admin control of the web publishing software. The team at WebArx, a security firm specializing in WordPress and other CRM and publishing platforms, took credit for discovering and reporting the flaws in WP Time Capsule and InfiniteWP. Both plugins were patched earlier this month by the developer, and updates should be applied.

Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers
2019-12-13 18:33

One flaw found in WordPress plugins Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor is actively being exploited.

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
2019-12-13 02:25

Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the...

Critical Bug Patched in Popular Jetpack WordPress Plugin
2019-11-21 19:03

An update for the popular WordPress plugin Jetpack addresses a critical security flaw that has existed for more than two years. With over 5 million installations to date, Jetpack provides...

WordPress sites hit by malvertising
2019-11-07 14:01

An old piece of malware is storming the WordPress community, enabling its perpetrators to take control of sites and inject code of their choosing.

WordPress 5.2.4 Patches Six Vulnerabilities
2019-10-16 14:06

WordPress 5.2.4, which WordPress developers released this week, patches six vulnerabilities, including cross-site scripting (XSS), unauthorized access, server-side request forgery (SSRF), and...

Hackers are infecting WordPress sites via a defunct plug-in
2019-09-26 10:37

If you're a WordPress admin using a plug-in called Rich Reviews, you'll want to uninstall it. Now.

Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS
2019-09-25 16:28

The issue in the Rich Reviews plugin is being actively exploited.