A critical remote code execution vulnerability in the WordPress plugin Ad Inserter lets hackers execute arbitrary PHP code in vulnerable installations. The vulnerability was discovered by the Wordfence security team and…
Browsing Category: WordPress
WordPress plugin sees second serious security bug in six weeks
Researchers have uncovered another serious bug in WP Live Chat that could lead to the mass compromise of websites. This post appeared first on Naked Security Blog by Sophos Author:…
Cross-site Scripting Vulnerability in WP Live Chat Plugin Lets Hackers Inject Malicious JavaScript Payloads
An unauthenticated persistent cross-site scripting vulnerability in the WP Live Chat Support WordPress plugin allows hackers to inject malicious JavaScript payloads into the vulnerable website. More than 60,000+ users used the…
WordPress Websites Hit by a Barrage of Attacks
Attackers exploit the vulnerability of the Yuzo Related Posts plugin. Email automation service Mailgun has added a long list of companies that were victims of large-scale coordinated attacks on websites run…
WPScan – Penetration Testing Tool to Find The Security Vulnerabilities in Your WordPress Websites
WPScan is a WordPress security scanner for detecting and reporting WordPress vulnerabilities. WordPress is a free, open-source content management system focused on PHP and MySQL. It is one…
Update now! WordPress hackers target Easy WP SMTP plugin
Two hacking groups have been spotted targeting websites running unpatched versions of the WordPress plugin Easy WP SMTP. This post appeared first on Naked Security Blog by Sophos Author: John…
Zero-day Stored XSS Vulnerability in WordPress Social Share Plug-in Lets Hackers Compromise 70,000 Websites
Researchers discovered a critical stored XSS zero-day flaw in a widely used social sharing plug-in called “Social Warfare” that lets attackers inject malicious script and take over the vulnerable WordPress websites.…
WordPress 5.1.1 patches dangerous XSS vulnerability
Researchers have offered more detail on a recently patched vulnerability that would allow an attacker to take over a WordPress site. This post appeared first on Naked Security Blog by…
Update now! WordPress abandoned cart plugin under attack
Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce. This post appeared first on Naked Security Blog by Sophos Author: John E…
Analyzing WordPress Remote Code Execution Vulnerabilities CVE-2019-8942 and CVE-2019-8943
by Suraj Sahu and Jayesh Patel (Vulnerability Researchers) With its open-source, feature-rich, and user-friendly content management system (CMS), WordPress powers nearly 33 percent of today’s websites. This popularity is also…