-
Plugins on WordPress.org backdoored in supply chain attack
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.
- June 25, 2024
- 03:25 PM
2
-
Hackers exploit LiteSpeed Cache flaw to create WordPress admins
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
- May 07, 2024
- 05:42 PM
0
-
New Wpeeper Android malware hides behind hacked WordPress sites
A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads.
- April 30, 2024
- 12:41 PM
- 0
-
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
- April 25, 2024
- 10:27 AM
- 0
-
Critical Forminator plugin flaw impacts over 300k WordPress sites
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
- April 20, 2024
- 11:19 AM
- 1
-
Hackers deploy crypto drainers on thousands of WordPress sites
Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds.
- April 08, 2024
- 02:22 PM
- 0
-
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
- April 03, 2024
- 02:21 PM
- 3
-
Evasive Sign1 malware campaign infects 39,000 WordPress sites
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads.
- March 21, 2024
- 11:56 AM
- 0
-
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
- March 10, 2024
- 11:38 AM
- 4
-
Hacked WordPress sites use visitors' browsers to hack other sites
Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites.
- March 06, 2024
- 05:35 PM
- 2
-
Hackers exploit critical RCE flaw in Bricks WordPress site builder
Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites.
- February 19, 2024
- 12:55 PM
- 0
-
Turla hackers backdoor NGOs with new TinyTurla-NG malware
Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data.
- February 15, 2024
- 09:49 AM
- 0
-
Hackers target WordPress database plugin active on 1 million sites
Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.
- January 25, 2024
- 09:15 AM
- 2
-
Over 150k WordPress sites at takeover risk via vulnerable plugin
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.
- January 11, 2024
- 04:54 PM
- 1
-
New Balada Injector campaign infects 6,700 WordPress sites
A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder campaign.
- January 11, 2024
- 12:44 PM
- 0
-
WordPress hosting service Kinsta targeted by Google phishing ads
WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials.
- December 17, 2023
- 06:46 PM
- 0
-
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin
A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.
- December 11, 2023
- 05:46 PM
- 2
-
WordPress fixes POP chain exposing websites to RCE attacks
WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
- December 07, 2023
- 03:10 PM
- 0
-
Fake WordPress security advisory pushes backdoor plugin
WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin.
- December 04, 2023
- 12:19 PM
- 4
-
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
- November 14, 2023
- 06:32 PM
- 1
0
-
Remove the Theonlinesearch.com Search Redirect
Filed Under: Adware -
Remove the Smartwebfinder.com Search Redirect
Filed Under: Adware -
How to remove the PBlock+ adware browser extension
Filed Under: Adware -
Remove the Toksearches.xyz Search Redirect
Filed Under: Adware -
Remove the Smashapps.net Search Redirect
Filed Under: Adware
-
Version: 5.1.5.1165M+ Downloads
-
Version: 1.33.07554,224 Downloads
-
Version: 0.8141,953 Downloads
-
Version: NA103,249 Downloads
-
Version: NA150,238 Downloads
