Security News

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
2024-09-06 06:35

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary...

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks
2024-09-05 16:58

Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. [...]

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution
2024-08-28 04:14

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The...

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access
2024-08-22 05:02

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. "The plugin...

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
2024-08-21 17:22

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. [...]

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
2024-08-21 04:35

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw,...

Hackers target WordPress calendar plugin used by 150,000 sites
2024-07-09 17:21

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and...

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
2024-06-26 08:37

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to...

Compromised plugins found on WordPress.org
2024-06-26 08:32

An unknown threat actor has compromised five WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. The backdoored plugins have collectively been downloaded by 35,000+ WordPress users.

Plugins on WordPress.org backdoored in supply chain attack
2024-06-25 19:25

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. Although it is possible that the attack impacts a larger number of WordPress plugins, current evidence suggests that the compromise is limited to the aforementioned set of five.