Bleeping Computer

WordPress plugin disguised as a security tool injects backdoor

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. According to Wordfence researchers, the malware ...
Bleeping Computer

WordPress security plugin exposes private data to site subscribers

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially ...

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the ...
Hosted on MSN

Over 30 WordPress plugins pulled after backdoor discovery

More than 30 popular WordPress plugins were removed after investigators found backdoors inserted by a new owner following a business sale. The malicious code remained dormant for months before being ...
Searchenginejournal.com

WordPress Plugin Platform Offers Proactive Security Scanning

WordPress security company Patchstack announced a new security tier called managed Vulnerability Disclosure Program platform (mVDP), which offers both human and advanced AI plugin reviews to help ...
Ars Technica

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...
Gadget Review on MSN

WordPress plugin backdoor hits 20K+ sites in supply chain attack

WordPress plugin backdoor compromises 20,000+ sites through supply chain attack using blockchain evasion tactics and ...
Searchenginejournal.com

WordPress Scraper Plugin Compromised By Security Vulnerability

A WordPress plugin that automatically posts content scraped from other websites has been discovered to contain a critical vulnerability that allows anyone to upload malicious files to affected ...
HotHardware

WordPress Anti-Malware Plugin Flaw Exposes 100K Sites To An Alarming Security Threat

A new threat in is the wild affecting sites that run WordPress, a popular content management system. Wordfence, a company that focuses on security research in the WordPress ecosystem, is reporting ...
Infosecurity-magazine.com

WordPress ASE Plugin Vulnerability Threatens Site Security

A privilege escalation vulnerability has been identified in the Admin and Site Enhancements (ASE) plugin for WordPress, affecting both free and pro versions up to 7.6.2.1. The flaw allows users to ...
TechRepublic

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk Your email has been sent A vulnerability in a widely used WordPress accessibility plugin could allow ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...