Threat actors are scanning for sites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware. Fancy Product Designer is a...
WP Statistics, a popular web analytics plugin for WordPress, contained a time-based blind SQL injection vulnerability that, if exploited, could result in sensitive information being exfiltrated from a...
An XML External Entity (XXE) injection bug in WordPress could allow attackers to remotely steal a victim’s files, researchers have revealed. Security researchers at SonarSource who discovered the...
WordPress announced today that it plans to treat Google’s new FLoC tracking technology as a security concern and to block it by default on WordPress sites....
Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution. The exploit acquisition platform is now...
Security researchers have spotted counterfeit versions of the jQuery Migrate plugin, injected on dozens of websites, that contain obfuscated code to load malware. These files are named jquery-migrate.js and jquery-migrate.min.js and present...
An upcoming upgrade to WordPress will make it much easier for website owners to upgrade from HTTP to HTTPS. WordPress 5.7 – currently available as a beta release and...
The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks. NextGen Gallery, a WordPress plugin used for creating...
Executive Summary: In December 2020, Unit 42 researchers observed attempts to exploit CVE-2020-25213, which is a file upload vulnerability in the WordPress File Manager plugin. Successful exploitation...
UPDATED WordPress 5.6 has shipped with a new user interface (UI) for opting into automatic updates for major releases, and enhancements to how Site Health handles and...