Malware scanner jeopardizes more than 10,000 WordPress sites
Two critical vulnerabilities in WordPress plugins from miniOrange will never receive a patch. More than 10,000 websites use the Malware Scanner plugin to detect attackers. However, the tool itself is exploitable by malicious actors.
The vulnerability in Malware Scanner was found by WordPress res...
Thousands of websites infected via vulnerable Popup Builder plugin for WordPress
Hackers have infected more than 3,300 websites with malware in recent weeks, despite the fact that the vulnerability was discovered late last year. The vulnerability is present in outdated versions of the Popup Builder plugin.
The cross-site scripting vulnerability CVE-2023-6000 in Popup Builder...
WordPress in negotiations with OpenAI and Midjourney over AI deal
Automattic announced that it is negotiating with OpenAI and Midjourney for an AI deal. Under this deal, data from WordPress users, among others, will become part of the training data for these AI companies' LLMs. WordPress has stated that it will not share data coming from its paying WordPress VIP users....
Number of vulnerabilities in WordPress plugins doubled
The number of vulnerabilities in plugins and themes for WordPress has increased significantly over the past year, almost doubling compared to 2022.
That's according to research by Wordfence. 4,833 vulnerabilities were identified for the entire WordPress ecosystem in the past year. The...
Vulnerability in popular WordPress plugin affects a million websites
The WordPress plugin Better Search Replace has a critical vulnerability that hackers are actively exploiting.
That's what the security experts at Wordfence Intelligence found. The popular WordPress plugin Better Search Replace has over 1 million installs worldwide. The plugin allows WordPress to...
150,000 WordPress sites at risk due to vulnerable SMTP plug-in
A popular WordPress plug-in intended to send emails faster has been found to leave 150,000 websites vulnerable to a takeover. The developer of the POST SMTP plugin has acted swiftly, meaning a patch is already available.
Wordfence reports that the vulnerability was submitted during a bug bounty ...
Phishing attack disguised as warning from the WordPress security team
A new phishing campaign that aims to install a rogue extension specifically targets administrators of WordPress websites, reports Wordfence. Hackers are allegedly posing as the "WordPress Security Team" in the process.
According to Wordfence, a phishing campaign is underway that targets administ...
Bug in WordPress plugin exposes 600,000 vulnerable websites
A plugin to make WordPress sites load faster is vulnerable to an SQL injection attack. WP Fastest Cache is deployed by more than a million websites. The majority of these sites (600,000) are still running a vulnerable version.
It's easy to see why WP Fastest Cache is so popular: its creators pro...
WordPress owner acquires all-in-one messaging app Texts.com
Automattic, the owner of WordPress and Tumblr, has acquired the all-in-one messaging app Texts.com for $50 million (€47 million). The purpose of the acquisition is to accelerate the messaging app's development.
The acquisition gives Automattic an all-in-one messaging app that merges several ot...
Thousands of hacked WordPress sites redirect visitors to scam sites
Thousands of WordPress websites have fallen victim to a hack on the tagDiv plug-in. Hackers infected this plug-in with the Balada Injector.
155,000 WordPress websites are working with the hacked plug-in, according to figures from EnvatoMarkets. The plug-in in question is necessary to obtain two...