WordPress News Articles

Active Exploitation of Critical Vulnerability in WordPress Automatic Plugin

ValvePress has released security updates to address a critical vulnerability (CVE-2024-27956) impacting WordPress Automatic plugin. This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score...

1 week ago

CVE-2024-11613 Description, Impact and Technical Details

CVE-2024-11613 is a critical vulnerability affecting the WordPress File Upload plugin. The issue lies in the 'wfu_file_downloader.php' file, where the…

3 weeks ago

Wordpress Plugin Vulnerability Exposes 10,000 Sites to Code Execution Attacks

A critical security flaw in the GiveWP Donation Plugin tracked as CVE-2025-0912, has exposed over 100,000 WordPress websites to unauthenticated remote code execution (RCE) attacks. 

Fix CVE-2025-0180: WP Foodbakery Security Guide

Learn how to protect your WordPress site from the critical CVE-2025-0180 vulnerability in WP Foodbakery plugin. Step-by-step security guide for admins.

W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks

A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps.

W3 Total Cache Plugin Vulnerability Let Attackers Gain Unauthorized Access to Sensitive Data

A significant security vulnerability has been identified in the W3 Total Cache plugin for WordPress, affecting all versions up to and including 2.8.1.

WordPress Plugin Security Update Advisory (CVE-2024-11613) - ASEC

Overview We have released a security update to address a vulnerability in the WordPress File Upload plugin. Users of affected products are advised to update to the latest version.   Affected Products  CVE-2024-11613 WordPress File Upload Version: ~4.24.15 (inclusive)     Resolved Vulnerabilities Rem...

Wordpress Plugin Vulnerability Exposes 3 Million Websites to Injection Attacks

A critical vulnerability has been identified in the popular UpdraftPlus: WP Backup & Migration Plugin, potentially impacting over 3 million WordPress websites.

CERT-In Sounds Alarm On WPForms Plugin Exploit: Update Now

The vulnerability, present in WPForms plugin versions, stems from a missing authorization check in the wpforms_is_admin_page function.

RCE Vulnerability in 1,000,000 WordPress Sites Lets Attackers Gain Control Over Backend

A critical Remote Code Execution (RCE) vulnerability (CVE-2024-6386), affecting over 1,000,000 active installations of the WordPress Multilingual Plugin (WPML) Twig template engine.

Critical WordPress plugin vulnerability under active exploit threatens thousands

Vulnerability with severity rating of 9.8 out of possible 10 still live on >8,000 sites.

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Attackers exploit Hunk Companion vulnerability (CVE-2024-11972) to install flawed plugins, enabling RCE attacks on 10,000+ WordPress sites. Patch imme

Hunk Companion WordPress plugin exploited to install vulnerable plugins

Hackers are exploiting a critical vulnerability in the

WPForms bug allows Stripe refunds on millions of WordPress sites

A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions.

CVE-2024-11205 Vulnerability Impacts 6M WordPress Sites

CVE-2024-11205 exposes WPForms to unauthorized Stripe refunds and subscription cancellations.

Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites

Two vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin allowed attackers to execute arbitrary code remotely.

CVE-2024-10924, authentication bypass vulnerability in WordPress

Vulnerability CVE-2024-10924 in the Really Simple Security plugin allows an attacker to log onto a WordPress site with administrator rights.

Vulnerability in WP Time Capsule Plugin (CVE-2024-8856) - OP INNOVATE

Critical vulnerability in WP Time Capsule plugin (CVE-2024-8856) allows unauthenticated file uploads, risking full site takeover; update to version 1.22.22 immediately to mitigate threats.

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Critical vulnerability (CVE-2024-10924) in Really Simple Security plugin allows attackers admin access to WordPress sites. Over 4 million affected.

Critical WPLMS WordPress Theme Bug Puts Websites At Risk Of RCE

A newly discovered vulnerability in the WPLMS WordPress theme threatens websites with potential Remote Code Execution (RCE) due to a critical path traversal

Path Traversal Vulnerability In WPLMS WordPress Theme Exposes Websites To RCE  - Cyble

A vulnerability in the WPLMS WordPress theme can put websites at risk of Remote Code Execution.

CVE-2024-9895 Description, Impact and Technical Details

CVE-2024-9895 identifies a vulnerability in the Smart Online Order for Clover plugin for WordPress, affecting all versions up to and including 1.5.7. …

Popular WordPress Caching Plugin Had a Major XSS Vulnerability

The WordPress Caching Plugin had three major XSS vulnerabilities, which have now been fixed by Patchstack. Here's more about it.

Single HTTP Request Can Exploit 6M WordPress Sites

The popular LiteSpeed Cache plug-in is vulnerable to unauthenticated privilege escalation via a dangerous XSS flaw.

Examining the Vulnerabilities in WordPress Plugins – Be3

A recent discovery has unveiled a significant security vulnerability in the LiteSpeed Cache plugin for WordPress, allowing the execution of arbitrary JavaScript code by potential cyber threats. The...

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

LiteSpeed Cache plugin vulnerability (CVE-2024-47374) exposes WordPress sites to XSS attacks. Update to version 6.5.1 now.

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

Urgent security update for WPML WordPress plugin: Critical flaw allows remote code execution.

Unauthenticated RCE in WordPress Plugin Exposes 100,000 Sites

RCE in WordPress Plugin exposes over 100,000 WordPress sites to potential remote code execution (RCE) attacks.

Remote Code Execution Vulnerability Patched in WPML WordPress Plugin

The popular WordPress Multilingual plugin, WPML, which is installed on over 1,000,000 websites, has patched a Remote Code Execution (RCE) vulnerability (CVE-2024-6386) that researchers have classif…

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites

A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server.

Takeovers Likely Across Over 100K WordPress Sites Due to Critical Plugin Bug

SecurityWeek reports that more than 100,000 WordPress websites could be hijacked in intrusions exploiting a maximum severity PHP object injection flaw in the widely used fundraising and donation plugin GiveWP. Such a vulnerability, tracked as CVE-2024-5932, could be leveraged by t...

Takeovers likely across over 100K WordPress sites due to critical plugin bug

Such a vulnerability, tracked as CVE-2024-5932, could be leveraged by threat actors to facilitate PHP object injection and subsequent Property Oriented Programming chain abuse involving the manipulation of deserialized objects for remote code execution and arbitrary file deletion, a report from Defi...

Record Bounty Awarded as Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin

The LiteSpeed Cache Plugin, widely used to enhance the speed and performance of WordPress websites, recently patched a critical unauthenticated privilege escalation vulnerability (CVE-2024-28000). …

Kwetsbaarheid van GiveWP WordPress-plug-in brengt meer dan 100.000 websites in gevaar

Er is een zeer ernstig beveiligingslek ontdekt in de WordPress-plug-in GiveWP voor donaties en fondsenwerving. Deze kwetsbaarheid stelt meer dan 100.000 websites bloot aan aanvallen met code-uitvoering op afstand. Het lek, dat wordt getraceerd als CVE-2024-5932 (CVSS-score: 10,0), heeft invloed ... ...

Critical GiveWP Vulnerability (CVE-2024-5932) Fixed

The GiveWP vulnerability allowed Remote Code Execution and file deletion. Users are advised to update to version 3.14.2.

WordPressの人気プラグインに重大な欠陥、1万超のWebサイトに攻撃リスク（CVE-2024-6500） | Codebook｜Security News

WordPressの人気プラグインInPostシリーズに重大な欠陥が判明、1万超のWebサイトが攻撃リスクにさらされる（CVE-2024-6500）｜OpenAI、米国大統領選挙を狙ったイランの影響力行使オペレーションを阻止

LiteSpeed Cache Plugin Flaw Let Attackers Inject Malicious Code, 5M+ Sites Impacted

The popular LiteSpeed Cache plugin for WordPress has been found vulnerable to a CSRF attack, potentially impacting over 5 million websites.

Unpatched critical vulnerabilities WZone WooCommerce Amazon Affiliates

The WooCommerce Amazon Affiliates (WZone) plugin has multiple severe security vulnerabilities, including an authenticated arbitrary option update (CVE-2024-33549), an unauthenticated SQL injection (CVE-2024-33544), and an authenticated SQL injection (CVE-2024-33546), prompting Patchstack to advise u...

WordPress sites targeted for hijacking with LiteSpeed Cache plugin flaw

More than 1.8 million WordPress sites using an old version of the LiteSpeed Cache plugin are at risk of takeovers amid attacks exploiting a high-severity unauthenticated cross-site scripting vulnerability, tracked as CVE-2023-40000, which have been increasing during the past month, according to Blee...

PoC Released - Mass Exploit - CVE-2024-33544 < Unauthenticated < SQL Injection

About the WZone Plugin The plugin WZone (premium version), which has over 35,000 sales, is one of the more popular premium plugins specifically related to affiliate integration between AWS and WooCommerce sites. Refs :/ https://nvd.nist.gov/vuln/detail/CVE-2024-33544 https://www.cvedetails.com/cv...

Hackers target WordPress calendar plugin used by 150,000 sites

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.

SecuriTricks - Home

SecuriTricks is your go-to cybersecurity hub, offering daily updates on CVEs, latest attack reports, and downloadable IOCs including IPv4, URLs, and domain names. Dive into our blog for comprehensive insights into cybersecurity trends, tips, and in-depth analysis. Stay ahead with SecuriTricks, your ...

CVE-2024-4439 Description, Impact and Technical Details

CVE-2024-4439 is a vulnerability in WordPress Core that affects various versions up to 6.5.2. It allows authenticated attackers with contributor-level…

Top Cyber Security Informer Security Intelligence Big data Content for Wed.Jun 05, 2024

Best content around Security Intelligence Big data selected by the Cyber Security Informer community.

Understanding CVE-2024-4295: Critical SQL Injection Vulnerability in Email Subscribers Plugin

A critical SQL Injection vulnerability has been identified in the Email Subscribers by Icegram Express plugin for WordPress, posing significant security risks.

CVE-2021-36471 : CVE-2021-36471ADMINLTE 3.1.0 /ADMIN/INDEX2.HTML PATH TRAVERSAL - Cloud WAF

CVE-2021-36471 : Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.

Understanding the Security Implications of CVE-2024-4984 in the Yoast SEO Plugin

A comprehensive breakdown of the CVE-2024-4984 vulnerability found in the Yoast SEO plugin for WordPress, discussing its potential effects and urging users to update their systems to mitigate risks.