Latest WordPress news

Hackers exploit critical RCE flaw in Bricks WordPress site builder

Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites.
- Bill Toulas
- February 19, 2024
- 12:55 PM
- 0
Turla hackers backdoor NGOs with new TinyTurla-NG malware

Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data.
- Ionut Ilascu
- February 15, 2024
- 09:49 AM
- 0
Hackers target WordPress database plugin active on 1 million sites

Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.
- Bill Toulas
- January 25, 2024
- 09:15 AM
- 2
Over 150k WordPress sites at takeover risk via vulnerable plugin

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.
- Bill Toulas
- January 11, 2024
- 04:54 PM
- 1
New Balada Injector campaign infects 6,700 WordPress sites

A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder campaign.
- Bill Toulas
- January 11, 2024
- 12:44 PM
- 0
WordPress hosting service Kinsta targeted by Google phishing ads

WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials.
- Mayank Parmar
- December 17, 2023
- 06:46 PM
- 0
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.
- Sergiu Gatlan
- December 11, 2023
- 05:46 PM
- 2
WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
- Bill Toulas
- December 07, 2023
- 03:10 PM
- 0
Fake WordPress security advisory pushes backdoor plugin

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin.
- Bill Toulas
- December 04, 2023
- 12:19 PM
- 4
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
- Bill Toulas
- November 14, 2023
- 06:32 PM
- 1
Hackers exploit critical flaw in WordPress Royal Elementor plugin

A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.
- Bill Toulas
- October 16, 2023
- 03:08 PM
- 1
Save $260 on this ChatGPT-powered WordPress plugin deal

AI is only useful when you can tap into it on demand. This ChatGPT WordPress plugin lifetime license adds AI to your site for $39.97, $260 off the $300 MSRP and a price you can only get now through the end of October 15th.
- BleepingComputer Deals
- October 12, 2023
- 07:19 AM
- 0
New WordPress backdoor creates rogue admin to hijack websites

A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity.
- Bill Toulas
- October 11, 2023
- 05:23 PM
- 8
Over 17,000 WordPress sites hacked in Balada Injector attacks last month

Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws in premium theme plugins.
- Bill Toulas
- October 09, 2023
- 03:23 PM
- 1
WordPress migration add-on flaw could lead to data breaches

All-in-One WP Migration, a popular data migration plugin for WordPress sites that has 5 million active installations, suffers from unauthenticated access token manipulation that could allow attackers to access sensitive site information.
- Bill Toulas
- August 30, 2023
- 02:37 PM
- 0
Jupiter X Core WordPress plugin could let hackers hijack sites

Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.
- Bill Toulas
- August 24, 2023
- 01:26 PM
- 1
Create AI-powered images with 80% off a DALL-E Wordpress Plugin

Making your work stand out requires original, thoughtful visuals. This DALL-E generator and plugin provides infinite original art for $59, 80% off the $299 MSRP.
- BleepingComputer Deals
- August 20, 2023
- 08:15 AM
- 0
WordPress Ninja Forms plugin flaw lets hackers steal submitted data

Popular WordPress form-building plugin Ninja Forms contains three vulnerabilities that could allow attackers to achieve privilege escalation and steal user data.
- Bill Toulas
- July 27, 2023
- 01:00 PM
- 3
Hackers exploiting critical WordPress WooCommerce Payments bug

Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation.
- Lawrence Abrams
- July 17, 2023
- 05:08 PM
- 1
WordPress AIOS plugin used by 1M sites logged plaintext passwords

The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext passwords from user login attempts to the site's database, putting account security at risk.
- Bill Toulas
- July 14, 2023
- 11:55 AM
- 0