EHA
Hackers Exploit Litespeed Plugin Flaw To Create Rogue Admin Accounts

Hackers Exploit Litespeed Plugin Flaw To Create Rogue Admin Accounts

WordPress plugins make WordPress more useful, but most have flaws that hackers may try to exploit to get unauthorized entry or introduce malicious code. The popularity and widespread use of common plugins make them an...
Yoast SEO Plugin XSS Flaw Exposes 5 Million+ WordPress Websites to Attack

Yoast SEO Plugin XSS Flaw Exposes 5 Million+ WordPress Websites to Attack

A critical cross-site scripting (XSS) vulnerability has been discovered in the popular Yoast SEO WordPress plugin, potentially putting over 5 million websites at risk of compromise. The flaw was found by security researcher Bassem Essam...
Hackers Actively Exploiting WP Automatic Updates Plugin Vulnerability

Hackers Actively Exploiting WP Automatic Updates Plugin Vulnerability

Hackers often target WordPress plugins as they have security loopholes that they can exploit to hack into sites without permission.  Once they have found them, threat actors can insert corrupted scripts into these loopholes to...
WordPress Responsive theme Flaw Let Attackers Inject Malicious HTML Scripts

WordPress Responsive Theme Flaw Let Attackers Inject Malicious HTML Scripts

A vulnerability was identified in the WordPress theme, "Responsive," allowing attackers to inject arbitrary HTML content into websites. This flaw, as CVE-2024-2848, poses a severe risk to website integrity and user safety. CVE-2024-2848 - Arbitrary...
WP-Members Plugin Flaw

WP-Members Plugin Expose WordPress Sites To Injection Attacks

A security researcher reported a critical vulnerability in the WP-Members Membership Plugin that allows attackers to inject malicious scripts and potentially take over websites.  Administrators could take advantage of the unauthenticated stored XSS flaw that...
WordPress Security : XSS Remains as the Most Vulnerability Exploited

WordPress Security : XSS Remains as the Most Vulnerability Exploited

Of all the security flaws discovered in the WordPress ecosystem, cross-site scripting (XSS) vulnerabilities accounted for about 53.3% of the total. As of last year, XSS accounted for 27% of all security vulnerabilities, a significantly...
Hackers Selling WordPress 0-day

Hackers Selling WordPress 0-day Exploits on Hacker Forums

A new post on a hacker forum has advertised the sale of a WordPress 0-day exploit. The seller claims that the exploit, packaged as a PHP script, can be used with a WordPress plugin...
WordPress Bricks RCE Flaw

Critical RCE Flaw in WordPress Bricks Theme Exposes 25,000+ Sites

A critical Remote Code Execution (RCE) vulnerability in the Bricks Builder theme for WordPress has put over 25,000 websites at risk, prompting an urgent security update. The flaw, identified as CVE-2024-25600, was discovered by a...
WP Fastest Cache Plugin Exposes Over 600K+ WordPress Sites to SQL Injection Attacks

WP Fastest Cache Plugin Exposes Over 600K+ WordPress Sites to SQL Injection Attacks

In a recent development, the WPScan team has unearthed a significant security flaw within the widely-used WP Fastest Cache plugin.  This vulnerability, categorized as an unauthenticated SQL injection, could potentially grant unauthorized access to sensitive...
New WordPress Malware as Cache Plugin Creates Rogue Admin Account

New WordPress Malware as Cache Plugin Creates Rogue Admin Account

A novel kind of malware that acts as a sophisticated backdoor that can carry out several operations while impersonating a legitimate plugin has been identified. The malware has several features, including the ability to modify...

Managed WAF

Website

Latest News