Linux-based malware uses 30 WordPress exploits to inject JavaScript
New Linux-based malware uses 30 vulnerabilities in WordPress plugins to inject malicious JavaScript.
Antivirus vendor Dr. Web reports that the malware comes in two variants capable of attacking Linux-based WordPress sites by exploiting outdated plugins. The first variant found, Linux.BackDoor.Wo...
‘Thousands of WordPress websites use malicious plugins’
Researchers found malicious plugins on nearly 25,000 WordPress websites.
Researchers at the Georgia Institute of Technology discovered 47,337 malicious plugins on 24,931 unique WordPress websites. Each website used two or more infected plugins. 94 percent were actively engaged in malicious acti...
WordPress 6.0 release: new blocks, design tools and more
WordPress 6.0 is available. In addition to Site Editor improvements, the platform received new features for patterns, blocks and designs.
Site Editor, which was introduced in version 5.9, gained new templates for authors, categories and tags. The browsing and navigation structure of WordPress si...
Backdoor found in WordPress plugin widely used by schools
Researchers found a malicious backdoor in a WordPress plugin popular among schools.
The premium version of the WordPress School Management plugin for WordPress has had a backdoor ever since the release of version 8.9 in 2021. Schools use the plugin to operate and manage their websites. The back...
‘Millions of attacks on WordPress plugin Tatsu’
Researchers from security specialist Wordfence discovered millions of attacks on outdated versions of WordPress plugin Tatsu. Attackers are dropping malware with ease.
The newly found attacks target a remote code execution vulnerability in the WordPress plugin Tatsu. Tatsu is a no-code page bu...
Vulnerability in popular WordPress plugin affects millions of websites
A vulnerability in the Elementor plugin for WordPress affects millions of websites. The vulnerability exists in Elementor 3.6.0, which was released on 22 March.
Researchers found that the vulnerability stems from a lack of access checks in one of the plugin's files. The check is supposed to run...
‘Majority of CMS users concerned with security’
More than half of all professional content management system (CMS) users are worried about the security of their system.
The figure comes from a report by Storyblok. The CMS developer surveyed hundreds of CMS users in the US and Europe. Most respondents view security as a priority when choosing...
‘29 percent of WordPress vulnerabilities remain unpatched’
Critical vulnerabilities in WordPress tend to linger. Some website and plugin developers aren't patching fast enough, says WordPress security specialist Patchstack in a recent report.
A survey by Patchstack shows that the number of WordPress vulnerabilities increased by as much as 150 percent in...
WordPress websites get a forced update
The UpdraftPlus vulnerability allowed anyone to make database backups, but a patch has been force-installed on millions of WordPress sites to fix this issue.
WordPress recently launched a forced update to millions of websites to fix a critical vulnerability found in the UpdraftPlus plugin. It all...
600,000 WordPress websites threatened by critical RCE vulnerability
Multiple versions of WordPress plugin 'Essential Addons for Elementor' are vulnerable to remote code execution (RCE). The plugin is used by hundreds of thousands of websites. The vulnerability is present in every version prior to 5.0.5.
Its attack surface is huge. According to WordPress, the plu...