Security News

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website.

A security researcher has discovered a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on...

There's no obvious executable payload in the attack but the attackers may be building a collection of websites and biding their time.

A critical security flaw affecting a GDPR compliance plugin for WordPress has been exploited in the wild to take control of vulnerable websites, users have been warned. read more

Loads of bonus infosec news for your weekend Roundup This week we had broken promises in China, broken keys in Steam, and broken ..err, everything in Apache Struts.…

Researchers have published details of a dangerous flaw in the way the hugely popular WooCommerce plugin interacts with WordPress that could allow an attacker with access to a single account to...

Rogue managers can seize control of web shops A vulnerability in the WooCommerce online store platform, used by over four million vendors, can be exploited to hijack WordPress installations...

A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce.

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at...

If you’re running a very old version of WordPress on your website, the project’s staff would like a word with you.