WordPress plugin for web forms contains critical vulnerability
WordPress websites using the Forminator plugin for web forms are extremely vulnerable to the upload and execution of malicious files. Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) is sounding the alarm about this.
JPCERT/CC has issued an alert for the critical vulnerabilit...
WordPress owner Automattic acquires messaging app Beeper
WordPress owner Automattic has acquired the all-in-one chat platform Beeper. Beeper allows users to chat across networks such as WhatsApp, Facebook, Slack, Instagram, LinkedIn, and more from one app.
It is not Automattic's first acquisition of a messaging service. Last October, the company acqui...
Malware scanner jeopardizes more than 10,000 WordPress sites
Two critical vulnerabilities in WordPress plugins from miniOrange will never receive a patch. More than 10,000 websites use the Malware Scanner plugin to detect attackers. However, the tool itself is exploitable by malicious actors.
The vulnerability in Malware Scanner was found by WordPress res...
Thousands of websites infected via vulnerable Popup Builder plugin for WordPress
Hackers have infected more than 3,300 websites with malware in recent weeks, despite the fact that the vulnerability was discovered late last year. The vulnerability is present in outdated versions of the Popup Builder plugin.
The cross-site scripting vulnerability CVE-2023-6000 in Popup Builder...
WordPress in negotiations with OpenAI and Midjourney over AI deal
Automattic announced that it is negotiating with OpenAI and Midjourney for an AI deal. Under this deal, user data from WordPress users, among others, will be included in the training data for these AI companies' LLMs. WordPress has stated that it will not share data coming from its paying WordPress VIP users....
Number of vulnerabilities in WordPress plugins doubled
The number of vulnerabilities in plugins and themes for WordPress has increased significantly over the past year. The total has almost doubled compared to 2022.
That's according to research by Wordfence. 4,833 vulnerabilities were identified for the entire WordPress ecosystem in the past year. The...
Vulnerability in popular WordPress plugin affects a million websites
The WordPress plugin Better Search Replace has a critical vulnerability that hackers are actively exploiting.
That's what the security experts at Wordfence Intelligence found. The popular WordPress plugin Better Search Replace has over 1 million installs worldwide. The plugin allows WordPress to...
150,000 WordPress sites at risk due to vulnerable SMTP plug-in
A popular WordPress plug-in intended to send emails faster has been found to leave 150,000 websites vulnerable to a takeover. The developer of the POST SMTP plugin has acted swiftly, meaning a patch is already available.
Wordfence reports that the vulnerability was submitted during a bug bounty ...
Phishing attack disguised as warning from the WordPress security team
A new phishing campaign that aims to install a rogue extension specifically targets administrators of WordPress websites, reports Wordfence. Hackers are allegedly posing as the "WordPress Security Team" in the process.
According to Wordfence, a phishing campaign is underway that targets administ...
Bug in WordPress plugin exposes 600,000 vulnerable websites
A plugin to make WordPress sites load faster is vulnerable to an SQL injection attack. WP Fastest Cache is deployed by more than a million websites. The majority of these sites (600,000) are still running a vulnerable version.
It's easy to see why WP Fastest Cache is so popular: its creators pro...