KingComposer, a WordPress plugin found installed with over 100,000 WordPress sites found vulnerable to Reflected Cross-Site Scripting. The vulnerability was found by the Wordfence security team with KingComposer Drag and Drop page building plugin. The vulnerability can be exploited by the attacker tricking the victim into clicking a malicious link, which sends the victim to […]
The post 100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw appeared first on GBHackers On Security.
A million sites attacked by 20,000 different computers.
Cybercriminals launched more than 130 million attacks aiming to harvest database credentials from 1.3 million WordPress sites. In this massive attack campaign, cybercriminals used several plugin and theme vulnerabilities across the WordPress ecosystem. Security researchers from Wordfence observed the attack, the peak of the attack occurred on May 30, 2020. Campaign Linked to Previous Researchers […]
The post Massive Hacking Campaign Targets WordPress Websites to Steal Database Credentials appeared first on GBHackers On Security.
Justice has already been slow in this case, and the pandemic isn’t helping: His trial has been postponed for a third time. This post appeared first on Naked Security Blog…
A vulnerability in the defunct OneTone WordPress theme plugin is being exploited to compromise entire sites while installing backdoor admin accounts. This post appeared first on Naked Security Blog by…
Credit card swipers have found a hard-to-detect way to target WordPress websites using the WooCommerce plugin by secretly modifying legitimate JavaScript files. This post appeared first on Naked Security Blog…
In theory, crooks could mess up your site so vistors can’t see your content, then lock you out so you can’t jump in and fix it. This post appeared first…
Researchers from Wordfence uncovered two RCE vulnerabilities in WordPress SEO plugin called Rank Math let hackers hijack nearly 200,000 vulnerable Websites and gain remote access. Rank Math is an SEO…
Good news for website admins: the ability to automatically update plugins and themes is being beta-tested for WordPress 5.5, due in August. This post appeared first on Naked Security Blog…
Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site. This post appeared first on Naked Security…