Security News

There's no obvious executable payload in the attack but the attackers may be building a collection of websites and biding their time.

A critical security flaw affecting a GDPR compliance plugin for WordPress has been exploited in the wild to take control of vulnerable websites, users have been warned. read more

Loads of bonus infosec news for your weekend Roundup This week we had broken promises in China, broken keys in Steam, and broken ..err, everything in Apache Struts.…

Researchers have published details of a dangerous flaw in the way the hugely popular WooCommerce plugin interacts with WordPress that could allow an attacker with access to a single account to...

Rogue managers can seize control of web shops A vulnerability in the WooCommerce online store platform, used by over four million vendors, can be exploited to hijack WordPress installations...

A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce.

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at...

If you’re running a very old version of WordPress on your website, the project’s staff would like a word with you.

Fiends use vulns to lure victims into tech support scams Website admins are urged to update their WordPress installations as soon as possible to the latest version following a rash of attacks...

Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks.