Hundreds of WordPress websites have been compromised by a recently discovered backdoor. Whether installed intentionally or not, backdoors represent a serious security risk and should be removed as soon as they are discovered. This could redirect the … [Read more...]

In recent weeks, there has been a spike in plugin attacks that take advantage of vulnerabilities in plugins to inject malicious code into your website. According to the Wordfence team, they noticed a spike in plugin attacks especially … [Read more...]

The Wordfence Threat Intelligence team has reported on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with over 100,000 installations. These were both reflected Cross-Site scripting … [Read more...]

Over the last few weeks, critical security vulnerabities were discovered in more than 15 of the most popular addon plugins for popular pagebuilder Elementor - a blow to millions of users dependent on Elementor and it's ecosystem of addons. These … [Read more...]

Cross-Site Scripting vulnerabilities were found on the popular WordPress website builder plugin Elementor, installed on over 7 million websites. The vulnerability allows users with access to the Elementor editor to add Javascript to posts which can … [Read more...]

WordPress 5.7 “Esperanza” Release WordPress 5.7 "Esperanza", the first WP update for 2021, has just been released. It brings new functionality and more control to the WP editor without having to deal too much with custom code. From better controls … [Read more...]

WooCommerce 5.0 has now arrived. While this is only a minor release, it is another major step towards the future of WooCommerce and all WooCommerce websites. Included in this update are bugfixes and minor quality of life improvements. This update … [Read more...]

Two Cross-Site Request Forgery (CSRF) vulnerabilities were discovered in NextGen Gallery, a WordPress plugin installed in over 800,000 WordPress websites. Malicious attackers could potentially exploit these vulnerabilities leading to a site takeover, … [Read more...]

The WordPress plugin Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter has been found to suffer from a security flaw relating to authorization issues in most AJAX methods. The vulnerability could be exploited by attackers … [Read more...]

The plugin Orbit Fox by ThemeIsle, a multi-functionality plugin installed on over 400,000 sites, has been found to carry two critical vulnerabilities. The vulnerabilities can potentially allow attackers to take over a WordPress website or inject … [Read more...]