Latest WordPress news

WordPress migration add-on flaw could lead to data breaches

All-in-One WP Migration, a popular data migration plugin for WordPress sites that has 5 million active installations, suffers from unauthenticated access token manipulation that could allow attackers to access sensitive site information.
- Bill Toulas
- August 30, 2023
- 02:37 PM
- 0
Jupiter X Core WordPress plugin could let hackers hijack sites

Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.
- Bill Toulas
- August 24, 2023
- 01:26 PM
- 1
Create AI-powered images with 80% off a DALL-E Wordpress Plugin

Making your work stand out requires original, thoughtful visuals. This DALL-E generator and plugin provides infinite original art for $59, 80% off the $299 MSRP.
- BleepingComputer Deals
- August 20, 2023
- 08:15 AM
- 0
WordPress Ninja Forms plugin flaw lets hackers steal submitted data

Popular WordPress form-building plugin Ninja Forms contains three vulnerabilities that could allow attackers to achieve privilege escalation and steal user data.
- Bill Toulas
- July 27, 2023
- 01:00 PM
- 3
Hackers exploiting critical WordPress WooCommerce Payments bug

Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation.
- Lawrence Abrams
- July 17, 2023
- 05:08 PM
- 1
WordPress AIOS plugin used by 1M sites logged plaintext passwords

The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext passwords from user login attempts to the site's database, putting account security at risk.
- Bill Toulas
- July 14, 2023
- 11:55 AM
- 0
Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs

Hackers exploit a zero-day privilege escalation vulnerability in the 'Ultimate Member' WordPress plugin to compromise websites by bypassing security measures and registering rogue administrator accounts.
- Bill Toulas
- June 30, 2023
- 03:49 PM
- 2
Add AI features to your WordPress site with this ChatGPT plug-in deal

ChatGPT can be a powerful tool for building content and winning over customers. This AI-powered plugin makes deployment simple for $59.99, 79% off the $299 MSRP.
- BleepingComputer Deals
- June 14, 2023
- 02:11 PM
- 0
WordPress Stripe payment plugin bug leaks customer order details

The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin.
- Bill Toulas
- June 13, 2023
- 12:02 PM
- 0
WordPress force installs critical Jetpack patch on 5 million sites

WordPress.com owner Automat has started force installing a security patch on millions of websites today with the help of the WordPress Security Team to address a critical vulnerability in the Jetpack plug-in.
- Sergiu Gatlan
- May 30, 2023
- 06:01 PM
- 1
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection.
- Bill Toulas
- May 30, 2023
- 03:42 PM
- 0
Install ChatGPT onto any WordPress website with this plugin deal

You can pick up a lifetime license to the ChatGPT WordPress Plugin this week for a budget-friendly $59 so it's as economical as it is groundbreaking.
- BleepingComputer Deals
- May 25, 2023
- 02:10 PM
- 0
Hackers target 1.5M WordPress sites with cookie consent plugin exploit

Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs.
- Sergiu Gatlan
- May 24, 2023
- 06:38 PM
- 1
Hackers target vulnerable Wordpress Elementor plugin after PoC released

Hackers are now actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites in massive Internet scans, attempting to exploit a critical account password reset flaw disclosed earlier in the month.
- Bill Toulas
- May 18, 2023
- 12:36 PM
- 2
Hackers target Wordpress plugin flaw after PoC exploit released

Hackers are actively exploiting a recently fixed vulnerability in the WordPress Advanced Custom Fields plugin roughly 24 hours after a proof-of-concept (PoC) exploit was made public.
- Bill Toulas
- May 14, 2023
- 11:14 AM
- 1
WordPress Elementor plugin bug let attackers hijack accounts on 1M sites

One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain administrator rights on the site.
- Bill Toulas
- May 11, 2023
- 12:59 PM
- 3
Sponsored Content
Criminal IP FDS: A WordPress Plugin to Block Brute Force Attacks

As cybersecurity threats continue to evolve, brute-force attacks have become a growing concern. To address this issue, AI Spera released a new WordPress plugin called Anti-Brute Force, Login Fraud Detector, also known as Criminal IP FDS (Fraud Detection System).
- Sponsored by Criminal IP
- May 09, 2023
- 10:01 AM
- 0
WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS).
- Bill Toulas
- May 05, 2023
- 10:57 AM
- 1
Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors.
- Bill Toulas
- April 20, 2023
- 04:02 PM
- 2
Massive Balada Injector campaign attacking WordPress sites since 2017

An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor that researchers named Balad Injector.
- Bill Toulas
- April 07, 2023
- 12:24 PM
- 0