Security News

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
2024-03-12 09:15

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected...

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
2024-03-10 15:38

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. Sucuri says the exact actions of the code may vary, but the primary purpose of the injections appears to be redirecting visitors of infected sites to malicious destinations such as phishing pages and malware-dropping sites.

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks
2024-03-07 13:45

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of...

Hacked WordPress sites use visitors' browsers to hack other sites
2024-03-06 22:35

Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. They then hack X accounts, create YouTube videos, or take out Google and X advertisements to promote the sites and steal visitor's cryptocurrency.

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
2024-02-27 14:43

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the...

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites
2024-02-27 05:43

A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071,...

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites
2024-02-20 09:08

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600...

Hackers exploit critical RCE flaw in Bricks WordPress site builder
2024-02-19 17:55

Hackers are actively exploiting a critical remote code execution flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites. The Bricks Builder Theme is a premium WordPress theme described as an innovative, community-driven visual site builder.

Hackers target WordPress database plugin active on 1 million sites
2024-01-25 14:15

Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. Better Search Replace is a WordPress plugin with more than one million installations that helps with search and replace operations in databases when moving websites to new domains or servers.

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
2024-01-15 07:45

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the...