WordPress security

Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment DataCredit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data

Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data

Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress…

3 months ago
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment DataNew WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data

New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data

Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas…

3 months ago
ClickFix Malware Infect Website Visitors Via Hacked WordPress WebsitesClickFix Malware Infect Website Visitors Via Hacked WordPress Websites

ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites

Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins. These plugins,…

5 months ago
SocGholish Malware Attacking Windows Users Using Fake Browser UpdateSocGholish Malware Attacking Windows Users Using Fake Browser Update

SocGholish Malware Attacking Windows Users Using Fake Browser Update

The SocGholish downloader has been in operation since 2017 and it is still evolving. This malware, which poses as a…

8 months ago
Mal.Metrica Malware Hijacks 17,000+ WordPress SitesMal.Metrica Malware Hijacks 17,000+ WordPress Sites

Mal.Metrica Malware Hijacks 17,000+ WordPress Sites

Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA…

11 months ago
Sign1 Malware Hijacked 39,000 WordPress WebsitesSign1 Malware Hijacked 39,000 WordPress Websites

Sign1 Malware Hijacked 39,000 WordPress Websites

A client's website was experiencing random pop-ups as server side scanner logs revealed a JavaScript injection related to Sign1, which…

1 year ago
WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS AttackWordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack

WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack

A recent surge in attacks from a new malware campaign exploits a known vulnerability in the WordPress plugin Popup Builder, infecting over…

1 year ago
Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force AttacksHacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks

Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks

Researchers recently uncovered distributed brute force attacks on target WordPress websites using the browsers of innocent site visitors.  A recent increase…

1 year ago
100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw

100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw

KingComposer, a WordPress plugin found installed with over 100,000 WordPress sites found vulnerable to Reflected Cross-Site Scripting. The vulnerability was…

5 years ago
Massive Hacking Campaign Targets WordPress Websites to Steal Database CredentialsMassive Hacking Campaign Targets WordPress Websites to Steal Database Credentials

Massive Hacking Campaign Targets WordPress Websites to Steal Database Credentials

Cybercriminals launched more than 130 million attacks aiming to harvest database credentials from 1.3 million Wordpress sites. In this massive…

5 years ago