Security News

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
2024-08-21 17:22

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. [...]

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
2024-08-21 04:35

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw,...

Hackers target WordPress calendar plugin used by 150,000 sites
2024-07-09 17:21

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and...

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
2024-06-26 08:37

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to...

Compromised plugins found on WordPress.org
2024-06-26 08:32

An unknown threat actor has compromised five WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. The backdoored plugins have collectively been downloaded by 35,000+ WordPress users.

Plugins on WordPress.org backdoored in supply chain attack
2024-06-25 19:25

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. Although it is possible that the attack impacts a larger number of WordPress plugins, current evidence suggests that the compromise is limited to the aforementioned set of five.

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts
2024-06-25 03:32

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected...

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
2024-05-30 13:49

Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts...

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
2024-05-28 06:30

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign,...

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
2024-05-08 07:03

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from...