A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild.
The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek.
8,000 New WordPress Vulnerabilities Reported in 2024
Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.
The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek.
LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks
A vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies.
The post LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks appeared first on SecurityWeek.
Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites
A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server.
The post Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites appeared first on SecurityWeek.
Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites
A critical vulnerability in the Litespeed Cache WordPress plugin can allow attackers to hack websites by creating an admin user.
The post Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites appeared first on SecurityWeek.
Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover
A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion.
The post Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover appeared first on SecurityWeek.
Several Plugins Compromised in WordPress Supply Chain Attack
Five WordPress plugins were injected with malicious code that creates a new administrative account.
The post Several Plugins Compromised in WordPress Supply Chain Attack appeared first on SecurityWeek.
Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors
Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites.
The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek.
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.
The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek.
Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites
A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.
The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek.