WordPress POP CMS Vulnerability
WordPress has released a security update for the popular CMS to address a remote code execution vulnerability. The vulnerability is a property oriented programming (POP) chain issue introduced in WordPress…
WordPress Simple Membership Plugin Vulnerabilities
Researchers have identified two new vulnerabilities in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified, leading to potential privilege escalation issues. With over…
WordPress Elementor Plugin Critical Vulnerability
Researchers have discovered a security flaw, tracked as CVE-2023-32243, with a CVSS score of 9.8, is an unauthenticated privilege escalation vulnerability in Elementor Wordpress plugin that has an installation over…
WordPress Elementor Pro Plugin Vulnerability
A high-severity flaw in the Elementor Pro WordPress plugin used by more than eleven million websites has been actively exploited by threat actors. Elementor Pro is a premium plugin that is…
AdSense Fraud Campaign affects thousands of websites
Researchers have tracked a surge in WordPress malware during November 2022, redirecting website visitors to fake Q&A sites via ois[.]is. The campaign’s end goal was black hat SEO aimed at increasing…
Fishpig Backdoored
FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach…
WordPress Pingback Vulnerability could lead to DDoS
Researchers have publicised a six-year-old blind SSRF vulnerability in a WordPress Pingback Core feature that could enable DDoS attacks. Pingback which is enabled by default, requests allow WordPress authors to…
WordPress BackupBuddy Plugin Exploit affects 140K Sites
Users of WordPress websites running BackupBuddy(plugin to take WordPress websites backup) have been urged to update the plugin amid reports of active exploitation of a high severity arbitrary file download/read…