Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of malicious code, security researchers said. The vulnerability, tracked as CVE-2024-11972, is found in Hunk Companion, a plugin that runs on 10,000 sites that use the… Read More »
reader comments 18 WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be affected in the campaign, which was active as recently as Monday morning, researchers from security firm Wordfence reported. Over the… Read More »
reader comments 16 with Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available… Read More »
Getty Images reader comments 19 with All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them in a database accessible to website admins. The passwords were logged when users of a site using the plugin,… Read More »
Aurich Lawson | Getty Images reader comments 41 with Share this story On Thursday, OpenAI announced a plugin system for its ChatGPT AI assistant. The plugins give ChatGPT the ability to interact with the wider world through the Internet, including booking flights, ordering groceries, browsing the web, and more. Plugins are bits of code that… Read More »
reader comments 31 with 0 posters participating Share this story Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week. The Linux-based malware installs a backdoor that causes infected sites to… Read More »
Enlarge / Photo illustration by Jakub Porzycki/NurPhoto via Getty Images Getty Images reader comments 67 with 50 posters participating Share this story A US senator is calling on the Department of Homeland Security’s cybersecurity arm to assess the threat posed by browser extensions made in countries known to conduct espionage against the US. “I am… Read More »