Vulnerability in popular WordPress plugin affects a million websites
The WordPress plugin Better Search Replace has a critical vulnerability that hackers are actively exploiting.
That's what the security experts at Wordfence Intelligence found. The popular WordPress plugin Better Search Replace has over 1 million installs worldwide. The plugin allows WordPress to...
150,000 WordPress sites at risk due to vulnerable SMTP plug-in
A popular WordPress plug-in intended to send emails faster has been found to leave 150,000 websites vulnerable to a takeover. The developer of the POST SMTP plugin has acted swiftly, meaning a patch is already available.
Wordfence reports that the vulnerability was submitted during a bug bounty ...
WordPress security plugin AIOS saved passwords as plain text
The WordPress security plugin All-In-One Security (AIOS) created a security flaw of its own accord. Because of a bug, the tool collected passwords and stored them as plain text in a database.
AIOS for WordPress is installed on more than 1 million websites and provides security for WordPress webs...
Hackers exploit zero-day in WordPress plugin Ultimate Member
Hackers have once again found a way to break into WordPress accounts. This time, a zero-day in the Ultimate Member plugin grants access.
Hackers can penetrate 200,000 WordPress websites through a zero-day in the Ultimate Member plugin. The plugin serves website visitors with a simple account re...
WordPress patches, but plugin remains vulnerable without update
Two WordPress plugins have received updates to fix vulnerabilities. The security-focused Jetpack plugin is managed by Automattic, the company behind WordPress. In that instance, the company opted for a force install: 5 million websites are said to have already been patched.
Another plugin, Gravi...
WordPress Elementor plugin bug poses a catastrophic threat
WordPress Elementor contains a bug that poses a catastrophic security threat. The vulnerability affects over 1 million WordPress sites and can expose private information or even cause site deletion.
This week BleepingComputer reported that "Essential Addons for Elementor", one of WordPress's mos...
WordPress plugin Elementor Pro vulnerable to attacks
The widely used WordPress plugin Elementor Pro can be abused to take over websites.
According to a NinTechNet researcher, Elementor Pro has a vulnerability that allows cybercriminals to take over millions of websites. The vulnerability affects the plugin's access control.
At issue is a compon...
WordPress hit with two critical-severity vulnerabilities
Patchstack warns that hackers may exploit two premium add-ons primarily used on real estate websites. The Houzez theme plugin, which costs $69, claims to serve over 35,000 customers in the real estate industry by offering easy listing management and a smooth customer experience.
According to Pat...
Vulnerability in popular WordPress plugin affects millions of websites
A vulnerability in the Elementor plugin for WordPress affects millions of websites. The vulnerability exists in Elementor 3.6.0, which was released on 22 March.
Researchers found that the vulnerability stems from a lack of access checks in one of the plugin's files. The check is supposed to run...
WordPress websites get a forced update
The UpdraftPlus vulnerability allowed anyone to make database backups, but a patch has been force installed on millions of WordPress sites to fix this issue.
WordPress recently launched a forced update to millions of websites to fix a critical vulnerability found in the UpdraftPlus plugin. It all...