Latest Plugin news

Critical Forminator plugin flaw impacts over 300k WordPress sites

The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
- Bill Toulas
- April 20, 2024
- 11:19 AM
- 1
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites

A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
- Bill Toulas
- April 03, 2024
- 02:21 PM
- 3
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
- Bill Toulas
- March 10, 2024
- 11:38 AM
- 4
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
- Bill Toulas
- November 14, 2023
- 06:32 PM
- 1
Save $260 on this ChatGPT-powered WordPress plugin deal

AI is only useful when you can tap into it on demand. This ChatGPT WordPress plugin lifetime license adds AI to your site for $39.97, $260 off the $300 MSRP and a price you can only get now through the end of October 15th.
- BleepingComputer Deals
- October 12, 2023
- 07:19 AM
- 0
New WordPress backdoor creates rogue admin to hijack websites

A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity.
- Bill Toulas
- October 11, 2023
- 05:23 PM
- 8
Jupiter X Core WordPress plugin could let hackers hijack sites

Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.
- Bill Toulas
- August 24, 2023
- 01:26 PM
- 1
WordPress AIOS plugin used by 1M sites logged plaintext passwords

The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext passwords from user login attempts to the site's database, putting account security at risk.
- Bill Toulas
- July 14, 2023
- 11:55 AM
- 0
Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs

Hackers exploit a zero-day privilege escalation vulnerability in the 'Ultimate Member' WordPress plugin to compromise websites by bypassing security measures and registering rogue administrator accounts.
- Bill Toulas
- June 30, 2023
- 03:49 PM
- 2
Add AI features to your WordPress site with this ChatGPT plug-in deal

ChatGPT can be a powerful tool for building content and winning over customers. This AI-powered plugin makes deployment simple for $59.99, 79% off the $299 MSRP.
- BleepingComputer Deals
- June 14, 2023
- 02:11 PM
- 0
WordPress Stripe payment plugin bug leaks customer order details

The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin.
- Bill Toulas
- June 13, 2023
- 12:02 PM
- 0
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection.
- Bill Toulas
- May 30, 2023
- 03:42 PM
- 0
Install ChatGPT onto any WordPress website with this plugin deal

You can pick up a lifetime license to the ChatGPT WordPress Plugin this week for a budget-friendly $59 so it's as economical as it is groundbreaking.
- BleepingComputer Deals
- May 25, 2023
- 02:10 PM
- 0
Hackers target vulnerable Wordpress Elementor plugin after PoC released

Hackers are now actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites in massive Internet scans, attempting to exploit a critical account password reset flaw disclosed earlier in the month.
- Bill Toulas
- May 18, 2023
- 12:36 PM
- 2
Hackers target Wordpress plugin flaw after PoC exploit released

Hackers are actively exploiting a recently fixed vulnerability in the WordPress Advanced Custom Fields plugin roughly 24 hours after a proof-of-concept (PoC) exploit was made public.
- Bill Toulas
- May 14, 2023
- 11:14 AM
- 1
WordPress Elementor plugin bug let attackers hijack accounts on 1M sites

One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain administrator rights on the site.
- Bill Toulas
- May 11, 2023
- 12:59 PM
- 3
WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS).
- Bill Toulas
- May 05, 2023
- 10:57 AM
- 1
Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors.
- Bill Toulas
- April 20, 2023
- 04:02 PM
- 2
Hackers exploit bug in Elementor Pro WordPress plugin

Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin to install backdoors on sites.
- Bill Toulas
- March 31, 2023
- 11:52 AM
- 2
WordPress force patching WooCommerce plugin with 500K installs

Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of websites running the highly popular WooCommerce Payments for online stores.
- Sergiu Gatlan
- March 23, 2023
- 05:39 PM
- 0