CVE/vulnerability
Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites
A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform.This vulnerability, CVE-2024-5932, exposes over 100,000 WordPress sites...
CVE/vulnerability
Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability
Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas).The vulnerability, CVE-2024-6220, allows unauthenticated threat actors to upload arbitrary...
Cyber Attack
SocGholish Malware Attacking Windows Users Using Fake Browser Update
The SocGholish downloader has been in operation since 2017 and it is still evolving. This malware, which poses as a browser update, is favored...
cyber security
Hackers Exploit Multiple WordPress Plugins to Hack Websites & Create Rogue Admin Accounts
Wordfence Threat Intelligence team identified a significant security breach involving multiple WordPress plugins. The initial discovery was made when the team found that the Social...
cyber security
Mal.Metrica Malware Hijacks 17,000+ WordPress Sites
Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA challenges. Clicking initiates a malicious...
Cyber Security News
Sign1 Malware Hijacked 39,000 WordPress Websites
A client's website was experiencing random pop-ups as server side scanner logs revealed a JavaScript injection related to Sign1, which is a malware campaign...
Cyber Attack
Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks
A critical vulnerability was discovered in two plugins developed by miniOrange.The affected plugins, miniOrange’s Malware Scanner and Web Application Firewall, contained a severe...
Cryptocurrency hack
Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks
Researchers recently uncovered distributed brute force attacks on target WordPress websites using the browsers of innocent site visitors. A recent increase in website hacking that targets...