The plugin Orbit Fox by ThemeIsle, a multi-functionality plugin installed on over 400,000 sites, has been found to carry two critical vulnerabilities. The vulnerabilities can potentially allow attackers to take over a WordPress website or inject … [Read more...]
Contact Form 7 Critical Vulnerability in File Upload Functionality
A security update has been released for the plugin, Contact Form 7, one of the most popular WordPress plugins with more than 5 million users. The security update is meant to address a vulnerability with the file upload functionality in Contact … [Read more...]
PageLayer Plugin Vulnerability Affects Over 200,000 WordPress Sites
Two reflected Cross-Site Scripting (XSS) vulnerabilities were found on the plugin PageLayer which is installed on over 200,000 sites. This is a critical issue as it could allow an attacker to take over a vulnerable WordPress site. These … [Read more...]
Outdated WPBakery Plugin Critical Security Risk to Millions of Sites
The popular page-builder plugin WPBakery, installed in over 4 million websites, was discovered to host a critical flaw that allowed for attackers with contributor-level or above permissions, to inject malicious JavaScript in posts. After a long … [Read more...]
WordPress Websites Security Breach – Outbreak of Malicious File Attacks
We are seeing a disturbing trend emerging from the WordPress community in the past few days and that is an upsurge of reported security breaches. We strongly recommend website admins to perform a security scan of their websites right now and address … [Read more...]
Critical Security Flaw in outdated WooCommerce NAB Transact Plugin
A critical flaw has just been recently disclosed for the widely used payment gateway, WooCommerce extension NAB Transact. By exploiting a vulnerability in the plugin, attackers could potentially fool vendor systems into believing payment … [Read more...]
WordPress 5.5 “Eckstine” + WooCommerce 4.3.2 Released
WordPress 5.5 “Eckstine” Release WordPress.org has just released WordPress 5.5 "Eckstine", which arrives with a host of speed, security, search, accessibility, block editor, and developer functionality improvements. For more information, please … [Read more...]
The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks
The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites, is a simple plugin that adds a “Facebook Messenger” chat pop-up to a WordPress site and connects a chosen Facebook page to receive messages and interact with site … [Read more...]
Over 300,000 Sites Potentially Vulnerable Due to Newsletter Plugin
After recently patching a vulnerability last month, Newsletter, a WordPress plugin installed in over 300,000 websites, was discovered to have two additional, more serious vulnerabilities, a Cross-Site Scripting(XSS) vulnerability and a PHP Object … [Read more...]
Critical Vulnerability Found in All in One SEO Pack Potentially Affecting 2 Million Users
A medium severity security issue has been discovered on the popular plugin All In One SEO Pack, installed in over 2 million sites. The vulnerability allows authenticated users with contributor level permissions and above the ability to inject … [Read more...]