Latest WordPress news

Hackers exploit bug in Elementor Pro WordPress plugin

Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin to install backdoors on sites.
- Bill Toulas
- March 31, 2023
- 11:52 AM
- 2
Add ChatGPT to your WordPress site with $20 off this plugin

Want to see what ChatGPT can do for your site? Get a lifetime license to the ChatGPT WordPress Plugin for $39.97 (the lowest price on the web!) during our Spring Digital Blowout from now through April 13.
- BleepingComputer Deals
- March 29, 2023
- 02:08 PM
- 0
WordPress force patching WooCommerce plugin with 500K installs

Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of websites running the highly popular WooCommerce Payments for online stores.
- Sergiu Gatlan
- March 23, 2023
- 05:39 PM
- 0
Hackers inject credit card stealers into payment processing modules

A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the 'Authorize.net' payment gateway module for WooCommcerce, allowing the breach to evade detection by security scans.
- Bill Toulas
- March 22, 2023
- 03:55 PM
- 1
Critical flaws in WordPress Houzez theme exploited to hijack websites

Hackers are actively exploiting two critical-severity vulnerabilities in the Houzez theme and plugin for WordPress, two premium add-ons used primarily in real estate websites.
- Bill Toulas
- February 27, 2023
- 01:19 PM
- 1
Add ChatGPT to your WordPress site with this plugin deal

You can pick up a lifetime license to the ChatGPT WordPress Plugin this week for $59 — a limited-time savings of 80 percent off the regular price of $299.
- BleepingComputer Deals
- February 22, 2023
- 07:24 AM
- 0
75k WordPress sites impacted by critical online course plugin flaws

The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion.
- Bill Toulas
- January 24, 2023
- 12:16 PM
- 0
PoC exploits released for critical bugs in popular WordPress plugins

Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available.
- Bill Toulas
- January 13, 2023
- 04:28 PM
- 0
New Linux malware uses 30 plugin exploits to backdoor WordPress sites

A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript.
- Bill Toulas
- December 30, 2022
- 10:41 AM
- 0
Hackers exploit bug in WordPress gift card plugin with 50K installs

Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.
- Bill Toulas
- December 23, 2022
- 12:17 PM
- 0
New GoTrim botnet brute forces WordPress site admin accounts

A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site.
- Bill Toulas
- December 13, 2022
- 12:27 PM
- 0
15,000 sites hacked for massive Google SEO poisoning campaign

Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.
- Bill Toulas
- November 09, 2022
- 01:08 PM
- 0
Zero-day in WPGateway Wordpress plugin actively exploited in attacks

The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin.
- Sergiu Gatlan
- September 13, 2022
- 02:22 PM
- 1
Hackers breach software vendor for Magento supply-chain attacks

Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
- Bill Toulas
- September 13, 2022
- 11:21 AM
- 0
WordPress sites hacked with fake Cloudflare DDoS alerts pushing malware

WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.
- Bill Toulas
- August 20, 2022
- 11:15 AM
- 1
Attackers scan 1.6 million WordPress sites for vulnerable plugin

Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication.
- Bill Toulas
- July 15, 2022
- 03:28 AM
- 0
PayPal phishing kit added to hacked WordPress sites for full ID theft

A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos.
- Bill Toulas
- July 14, 2022
- 02:09 PM
- 0
730K WordPress sites force-updated to patch critical plugin bug

WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild.
- Sergiu Gatlan
- June 16, 2022
- 02:58 PM
- 0
Backdoor baked into premium school management plugin for WordPress

Security researchers have discovered a backdoor in a premium WordPress plugin built as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating.
- Bill Toulas
- May 20, 2022
- 02:02 PM
- 1
Critical Jupiter WordPress plugin flaws let hackers take over sites

WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw.
- Bill Toulas
- May 18, 2022
- 05:12 PM
- 1