Thousands of websites infected via vulnerable Popup Builder plugin for WordPress
Hackers have infected more than 3,300 websites with malware in recent weeks, despite the fact that the vulnerability was discovered late last year. The vulnerability is present in outdated versions of the Popup Builder plugin.
The cross-site scripting vulnerability CVE-2023-6000 in Popup Builder... Read more
Power Automate makes Copilot in Windows 11 much more effective
Microsoft Copilot has so far brought no major improvements to the Windows experience. The AI assistant can help perform tasks that would otherwise require the user to dive into the settings. Major improvements to boost productivity are now not given by Microsoft to Copilot directly but come through... Read more
Number of vulnerabilities in WordPress plugins doubled
The number of vulnerabilities in plugins and themes for WordPress has increased significantly over the past year. There is almost a doubling compared to 2022.
That's according to research by WordFence. 4,833 vulnerabilities were identified for the entire WordPress ecosystem in the past year. The... Read more
Hackers exploit zero-day in WordPress plugin Ultimate Member
Hackers have once again found a way to break into WordPress accounts. This time, a zero-day in the Ultimate Member plugin grants access.
Hackers can penetrate 200,000 WordPress websites through a zero-day in the Ultimate Member plugin. The plugin serves website visitors with a simple account re... Read more
WordPress’s parent company acquires ActivityPub plugin
WordPress users can now easily integrate with the Fediverse, thanks to the new ActivityPub for WordPress plugin. Automattic, the company behind WordPress.com and other web publishing tools, recently acquired the plugin and hired its developer, Matthias Pfefferle, to work for the company.
The plu... Read more
Backdoor found in WordPress plugin widely used by schools
Researchers found a malicious backdoor in a WordPress plugin popular among schools.
The premium version of the WordPress School Management plugin for WordPress has had a backdoor ever since the release of version 8.9 in 2021. Schools use the plugin to operate and manage their websites. The back... Read more
’29 percent of WordPress vulnerabilities remain unpatched’
Critical vulnerabilities in WordPress tend to linger. Some website and plugin developers aren't patching fast enough, says WordPress security specialist Patchstack in a recent report.
A survey by Patchstack shows that the number of WordPress vulnerabilities increased by as much as 150 percent in... Read more
Over 100,000 WordPress websites exposed to takeovers
Details of severe vulnerabilities in a widely-used WordPress plugin reveal that more than 100,000 websites may have been exposed to site takeovers. The details were revealed by security researcher Chloe Chamberland at Wordfence.
The flaws were found in ‘Responsive Menu,’ a plugin that offers... Read more
Enterprise networks are at risk from vulnerabilities in a hundred Jenkins plug-ins
Viktor Gazdag, security consultant at the NCC Group, has found and reported vulnerabilities in over 100 different Jenkins plug-ins over the past 18 months. Gazdag has informed developers, but many plugins haven't gotten a fix yet.
The Jenkins team has published ten security advisories on vulnerabil... Read more
Serious vulnerabilities in two WordPress plugins abused
Attackers have exploited serious vulnerabilities in two commonly used WordPress plug-ins in the wild. These are the plugins Easy WP SMTP and Social Warfare, which have been installed 300,000 times and 70,000 times respectively. The errors have already been fixed, but those patches have not yet been ... Read more