Published on September 17, 2021
WordPress 5.8.1 is now available, and 3 WordPress security issues are fixed in that version. Altogether this security and maintenance release features 60 bug fixes in addition to the 3 security fixes we will focus on in this article. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress […]
Published on September 13, 2021
On May 15th, 2020, a SQL injection vulnerability in the Photo Gallery plugin by 10Web (with 300k+ active installations) was published by a researcher at Sun* Cyber Security Research. Not long after this, we noticed an increase in SQL injection attacks against WordPress sites. As you can see from the graph above, the attacks were […]
Published on September 13, 2021
The MailerLite Sign Up Forms plugin (version 1.4.4 and below) has multiple SQL injection and CSRF vulnerabilities. “The MailerLite Sign Up Form WordPress plugin makes it easy to grow your newsletter subscriber list from your WordPress blog or website. The plugin automatically integrates your WordPress form with your MailerLite email marketing account.” The MailerLite Sign […]
Published on July 15, 2021
This security advisory covers the WooCommerce SQL injection vulnerability. Patchstack users are safe from the vulnerability. Update July 16th, 2021: we have seen a few attacks starting to happen around the evening of July 15th, 2021. These attacks seem to be very limited so far, but appear to be using UNION and […]
Published on April 29, 2021
March 26, 2019 by Oliver Sild. An unnamed security researcher publicly disclosed security vulnerabilities in the popular WordPress plugin Social Warfare, which, according to the WordPress Plugins repository, currently had over 70,000 active installations. This caught the attention of hackers and led to massive attacks on websites using that plugin. At the time of writing this article, […]
Published on February 25, 2021
There is a password reset vulnerability caused by a data leak from a debug log file in the WordPress plugin Easy WP SMTP. Several hours ago, “WP eCommerce” released Easy WP SMTP WordPress plugin version 1.4.3, which patches the easily exploitable and dangerous vulnerability found by NinTechNet. See all Easy WP SMTP vulnerabilities. It appears that Easy […]
Published on February 25, 2021
The Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter plugin (versions 3.71 and below) suffers from a lack of authorization checks in most of its AJAX methods. The Popup Builder WordPress plugin has 200,000+ active installations, and the latest version available is 3.73. See all Popup Builder vulnerabilities. This in turn results in multiple […]
Published on February 25, 2021
A new wave of bitcoin ransom scams has been reported that targets website owners by claiming their sites have been hacked and demanding 1500 to 3000 USD worth of bitcoin. Scammers push a narrative that the database of the website has been extracted and that, if the owner of the site does not cooperate, they will […]
Published on August 20, 2020
There are SQLi and unauthenticated stored XSS vulnerabilities in the Discount Rules for WooCommerce WordPress plugin. The Discount Rules for WooCommerce plugin (versions 2.0.2 and below) suffers from multiple vulnerabilities, including SQL injection, authorization issues, and unauthenticated stored cross-site scripting. In this scenario, the unauthenticated stored cross-site scripting issue could potentially lead to […]
Published on May 8, 2020
This article analyses the Elementor PRO vulnerabilities. Elementor PRO is a page builder for WordPress with approximately 1+ million users. On the 4th of May, many websites had a suspicious subscriber register on the site, log in, and manage to upload malicious attachments. Split seconds later, another IP was trying to access […]