Tag Archives: wordpress

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of malicious code, security researchers said. The vulnerability, tracked as CVE-2024-11972, is found in Hunk Companion, a plugin that runs on 10,000 sites that use the… Read More »

AI search engine accused of plagiarism announces publisher revenue-sharing plan

reader comments 17 On Tuesday, AI-powered search engine Perplexity unveiled a new revenue-sharing program for publishers, marking a significant shift in its approach to third-party content use, reports CNBC. The move comes after plagiarism allegations from major media outlets, including Forbes, Wired, and Ars parent company Condé Nast. Perplexity, valued at over $1 billion, aims… Read More »

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

reader comments 18 WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be affected in the campaign, which was active as recently as Monday morning, researchers from security firm Wordfence reported. Over the… Read More »

Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets

Getty Images reader comments 10 Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-severity vulnerability that allows complete takeover, researchers said. The vulnerability resides in WordPress Automatic, a plugin with more than 38,000 paying customers. Websites running the WordPress content management system use it to incorporate content… Read More »

Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

reader comments 16 with Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available… Read More »

WordPress plugin installed on 1 million+ sites logged plaintext passwords

Getty Images reader comments 19 with All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them in a database accessible to website admins. The passwords were logged when users of a site using the plugin,… Read More »

Hackers exploit WordPress plugin flaw that gives full control of millions of sites

Getty Images reader comments 19 with Share this story Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability, which carries a severity rating of 8.8 out of a possible 10, is present in Elementor… Read More »

~11,000 sites have been infected with malware that’s good at avoiding detection

reader comments 2 with Share this story Nearly 11,000 websites in recent months have been infected with a backdoor that redirects visitors to sites that rack up fraudulent views of ads provided by Google Adsense, researchers said. All 10,890 infected sites, found by security firm Sucuri, run the WordPress content management system and have an… Read More »

Hundreds of WordPress sites infected by recently discovered backdoor

reader comments 31 with 0 posters participating Share this story Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week. The Linux-based malware installs a backdoor that causes infected sites to… Read More »

Millions of WordPress sites get forced update to patch critical plugin flaw

Getty Images reader comments 28 with 23 posters participating Share this story Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. The mandatory patch came at the request of UpdraftPlus developers because of the severity of the vulnerability, which allows untrusted… Read More »