WordPress News Articles
Recent news articles referencing the vendor's vulnerabilities.
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps.
2 weeks ago
W3 Total Cache Plugin Vulnerability Let Attackers Gain Unauthorized Access to Sensitive Data
A significant security vulnerability has been identified in the W3 Total Cache plugin for WordPress, affecting all versions up to and including 2.8.1.
2 weeks ago
WordPress Plugin Vulnerability Exposes 3 Million Websites to Injection Attacks
A critical vulnerability has been identified in the popular UpdraftPlus: WP Backup & Migration Plugin, potentially impacting over 3 million WordPress websites.
4 weeks ago
RCE Vulnerability in 1,000,000 WordPress Sites Lets Attackers Gain Control Over Backend
A critical Remote Code Execution (RCE) vulnerability (CVE-2024-6386), affecting over 1,000,000 active installations of the WordPress Multilingual Plugin (WPML) Twig template engine.
1 month ago
Critical WordPress plugin vulnerability under active exploit threatens thousands
Vulnerability with severity rating of 9.8 out of possible 10 still live on >8,000 sites.
2 months ago
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
Attackers exploit Hunk Companion vulnerability (CVE-2024-11972) to install flawed plugins, enabling RCE attacks on 10,000+ WordPress sites. Patch imme
2 months ago
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the
2 months ago
WPForms bug allows Stripe refunds on millions of WordPress sites
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions.
2 months ago
CVE-2024-11205 Vulnerability Impacts 6M WordPress Sites
CVE-2024-11205 exposes WPForms to unauthorized Stripe refunds and subscription cancellations.
2 months ago
Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites
Two vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin allowed attackers to execute arbitrary code remotely.
2 months ago
CVE-2024-10924, authentication bypass vulnerability in WordPress
Vulnerability CVE-2024-10924 in the Really Simple Security plugin allows an attacker to log onto a WordPress site with administrator rights.
2 months ago
Vulnerability in WP Time Capsule Plugin (CVE-2024-8856) - OP INNOVATE
Critical vulnerability in WP Time Capsule plugin (CVE-2024-8856) allows unauthenticated file uploads, risking full site takeover; update to version 1.22.22 immediately to mitigate threats.
2 months ago
Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
Critical vulnerability (CVE-2024-10924) in Really Simple Security plugin allows attackers admin access to WordPress sites. Over 4 million affected.
2 months ago
Critical WPLMS WordPress Theme Bug Puts Websites At Risk Of RCE
A newly discovered vulnerability in the WPLMS WordPress theme threatens websites with potential Remote Code Execution (RCE) due to a critical path traversal
3 months ago
Path Traversal Vulnerability In WPLMS WordPress Theme Exposes Websites To RCE - Cyble
A vulnerability in the WPLMS WordPress theme can put websites at risk of Remote Code Execution.
3 months ago
CVE-2024-9895 Description, Impact and Technical Details
CVE-2024-9895 identifies a vulnerability in the Smart Online Order for Clover plugin for WordPress, affecting all versions up to and including 1.5.7. …
3 months ago
Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution
Urgent security update for WPML WordPress plugin: Critical flaw allows remote code execution.
5 months ago
Unauthenticated RCE in WordPress Plugin Exposes 100,000 Sites
RCE in WordPress Plugin exposes over 100,000 WordPress sites to potential remote code execution (RCE) attacks.
5 months ago
Remote Code Execution Vulnerability Patched in WPML WordPress Plugin
The popular WordPress Multilingual plugin, WPML, which is installed on over 1,000,000 websites, has patched a Remote Code Execution (RCE) vulnerability (CVE-2024-6386) that researchers have classif…
5 months ago
Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites
A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server.
5 months ago
Takeovers Likely Across Over 100K WordPress Sites Due to Critical Plugin Bug
SecurityWeek reports that more than 100,000 WordPress websites could be hijacked in intrusions exploiting a maximum severity PHP object injection flaw in the widely used fundraising and donation plugin GiveWP. Such a vulnerability, tracked as CVE-2024-5932, could be leveraged by t...
5 months ago
Takeovers likely across over 100K WordPress sites due to critical plugin bug
Such a vulnerability, tracked as CVE-2024-5932, could be leveraged by threat actors to facilitate PHP object injection and subsequent Property Oriented Programming chain abuse involving the manipulation of deserialized objects for remote code execution and arbitrary file deletion, a report from Defi...
5 months ago
GiveWP WordPress plugin vulnerability puts more than 100,000 websites at risk
A very serious security flaw has been discovered in the GiveWP WordPress plugin for donations and fundraising. This vulnerability exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), affects ... ...
5 months ago
Critical GiveWP Vulnerability (CVE-2024-5932) Fixed
The GiveWP vulnerability allowed Remote Code Execution and file deletion. Users are advised to update to version 3.14.2.
5 months ago
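Critical flaw in popular WordPress plugins puts more than 10,000 websites at risk of attack (CVE-2024-6500) | Codebook|Security News
Critical flaw found in the popular InPost series of WordPress plugins, exposing more than 10,000 websites to attack risk (CVE-2024-6500) | OpenAI blocks Iranian influence operation targeting the US presidential election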
5 months ago
Hackers target WordPress calendar plugin used by 150,000 sites
Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.
7 months ago
SecuriTricks - Home
SecuriTricks is your go-to cybersecurity hub, offering daily updates on CVEs, latest attack reports, and downloadable IOCs including IPv4, URLs, and domain names. Dive into our blog for comprehensive insights into cybersecurity trends, tips, and in-depth analysis. Stay ahead with SecuriTricks, your ...
7 months ago
CVE-2024-4439 Description, Impact and Technical Details
CVE-2024-4439 is a vulnerability in WordPress Core that affects various versions up to 6.5.2. It allows authenticated attackers with contributor-level…
7 months ago
Top Cyber Security Informer Security Intelligence Big data Content for Wed.Jun 05, 2024
Best content around Security Intelligence Big data selected by the Cyber Security Informer community.
8 months ago
Understanding CVE-2024-4295: Critical SQL Injection Vulnerability in Email Subscribers Plugin
A critical SQL Injection vulnerability has been identified in the Email Subscribers by Icegram Express plugin for WordPress, posing significant security risks.
8 months ago
CVE-2021-36471 : CVE-2021-36471 ADMINLTE 3.1.0 /ADMIN/INDEX2.HTML PATH TRAVERSAL - Cloud WAF
CVE-2021-36471 : Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.
8 months ago
Understanding the Security Implications of CVE-2024-4984 in the Yoast SEO Plugin
A comprehensive breakdown of the CVE-2024-4984 vulnerability found in the Yoast SEO plugin for WordPress, discussing its potential effects and urging users to update their systems to mitigate risks.
8 months ago
CVE-2023-6326 | Master Slider Plugin up to 3.9.5 on WordPress process_bulk_action cross-site request forgery – Annanowa
8 months ago
CVE-2024-4295 : ICEGRAM EXPRESS EMAIL SUBSCRIBERS PLUGIN UP TO 5.7.20 ON WORDPRESS HASH SQL INJECTION - Cloud WAF
CVE-2024-4295 : The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including.
8 months ago
CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING - Cloud WAF
CVE-2024-4984 : The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping.
9 months ago
CVE-2024-4439 – WordPress WP Core Plugin Vulnerability - Rewterz
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name.
9 months ago
WordPress Plugin Flaw Exposes 10k+ Websites to Cyber Attacks
A critical vulnerability in the WP Datepicker WordPress plugin was identified, affecting more than 10,000 active installations.
9 months ago
WordPress LayerSlider Plugin: SQL Injection Vulnerability | Qualys Security Blog
On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugins have more…
9 months ago
CVE-2024-2879 Archives
LayerSlider Plugin Flaw Exposes 1M... Recent media reports have revealed a crucial LayerSlider plugin flaw. According to these reports, this flaw has exposed numerous...
10 months ago
Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
10 months ago
WordPress Plugin SQL Injection Exposes 1,000,000 Sites to Cyber Attack - Unical Academy
Over a million WordPress websites have been at risk due to a critical SQL Injection vulnerability discovered in the popular LayerSlider plugin. The flaw, CVE-2024-2879, could allow unauthenticated attackers to extract sensitive data, including password hashes, from websites’ databases. CVE-2024-2879: ...
10 months ago
WordPress Plugin SQL Injection Flaw Exposes 1,000,000 Sites to Cyber Attack
Over a million WordPress websites put at risk due to a critical SQL Injection vulnerability discovered in the popular LayerSlider plugin.
10 months ago
Important Safety Flaw Present in Standard LayerSlider WordPress Plugin - AlinaA Cybersecurity World
Apr 03, 2024 | Newsroom | Internet Safety / Vulnerability. An important safety flaw impacting the LayerSlider plugin for WordPress may very well be abused to extract delicate info from databases, resembling password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS rating of 9.8 out of a most of...
10 months ago
Cybersafe Solutions Security Advisory Bulletin March 1, 2024
Security Updates for Progress Kemp’s LoadMaster, WordPress Plugin ‘Ultimate Member,’ Joomla, Google Chrome, and Mozilla Products
10 months ago
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
WordPress sites under attack! A new malware campaign exploits Popup Builder plugin vulnerability (CVE-2023-6000) infecting over 3,900 sites
11 months ago