WordPress plugin hole could have allowed attackers to wipe websites

Credit to Author: Danny Bradbury| Date: Wed, 19 Feb 2020 11:21:03 +0000

A WordPress plugin with over 100,000 active installations had a bug that could have allowed unauthorised attackers to wipe its users’ blogs clean, it emerged this week.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/GCOxf6ngpvk” height=”1″ width=”1″ alt=””/>

Read more

Cookie-nabbing app could have served users side helping of XSS

Credit to Author: Danny Bradbury| Date: Fri, 14 Feb 2020 12:29:39 +0000

A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to XSS attacks.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/uCTRH0KiVPg” height=”1″ width=”1″ alt=””/>

Read more

Update now! Popular WordPress plugins have password bypass flaws

Credit to Author: John E Dunn| Date: Thu, 16 Jan 2020 13:47:38 +0000

Researchers have discovered bad authentication bypass vulnerabilities affecting two WordPress plugins which should be patched as soon as possible.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/qhJn8G3sG5M” height=”1″ width=”1″ alt=””/>

Read more

WordPress sites hit by malvertising

Credit to Author: Danny Bradbury| Date: Thu, 07 Nov 2019 14:01:01 +0000

An old piece of malware is storming the WordPress community, enabling its perpetrators to take control of sites and inject code of their choosing.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/G42iCdpslDg” height=”1″ width=”1″ alt=””/>

Read more

A week in security (October 28 – November 3)

Credit to Author: Malwarebytes Labs| Date: Mon, 04 Nov 2019 16:37:57 +0000

A roundup of the latest cybersecurity news for the week of October 28 – November 3, including cyberattacks against SMBs, the Internet’s 50th birthday, stalkerware, donation scams, and more.

Categories:

Tags:

(Read more…)

The post A week in security (October 28 – November 3) appeared first on Malwarebytes Labs.

Read more

Sextortion scammers are hijacking blogs – and victims are paying up

Credit to Author: Danny Bradbury| Date: Wed, 30 Oct 2019 11:47:05 +0000

Sextortion scammers have started hijacking poorly managed or defunct blogs to expand an increasingly profitable business.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/-sDLyHGhvIU” height=”1″ width=”1″ alt=””/>

Read more

Hackers están infectando sitios WordPress a través de un plugin inactivo

Credit to Author: Naked Security| Date: Mon, 30 Sep 2019 13:59:50 +0000

Si eres administrador de WordPress y utilizas un complemento llamado Rich Reviews, querrás desinstalarlo. El complemento ahora desaparecido tiene una vulnerabilidad importante que permite a “malvertisers” infectar sitios que ejecutan WordPress y redirigir a los visitantes a otras webs. Rich Reviews es un complemento de WordPress que permite a los sitios administrar reseñas internamente en [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/JAq_rOE8XWM” height=”1″ width=”1″ alt=””/>

Read more

Hackers are infecting WordPress sites via a defunct plug-in

Credit to Author: Danny Bradbury| Date: Thu, 26 Sep 2019 10:37:03 +0000

If you’re a Wordpress admin using a plug-in called Rich Reviews, you’ll want to uninstall it. Now.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/qE8j8GEJrAI” height=”1″ width=”1″ alt=””/>

Read more

WordPress 5.2.3 fixes new clutch of security vulnerabilities

Credit to Author: John E Dunn| Date: Mon, 09 Sep 2019 10:31:30 +0000

WordPress version 5.2.3 has just appeared on the download pipe featuring half a dozen security fixes and software enhancements.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/j-xSSrxRMDU” height=”1″ width=”1″ alt=””/>

Read more