plugin

Pierluigi Paganini May 12, 2023
A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

Experts warn of an unauthenticated privilege escalation flaw in the popular Essential ‘Addons for Elementor’ WordPress plugin. Essential ‘Addons for Elementor’ WordPress plugin is a collection of 90+ creative elements and extensions Enhance that allow admins to enhance Elementor page building experience. The plugin has more than one million active installations. Researchers from PatchStack discovered that […]

Pierluigi Paganini October 28, 2021
Over 1 million WordPress sites affected by OptinMonster plugin flaws

A vulnerability in the popular the OptinMonster plugin allows unauthorized API access and sensitive information disclosure. A high-severity vulnerability (CVE-2021-39341) in The OptinMonster plugin can allow unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. The flaw was discovered by Wordfence researcher Chloe Chamberland on September 28, 2021, and the development […]

Pierluigi Paganini March 10, 2021
A flaw in The Plus Addons for Elementor WordPress plugin allows sites takeover

Researchers from the Wordfence team found a critical vulnerability in The Plus Addons for Elementor WordPress plugin that could be exploited to take over a website. Researchers at the Wordfence team of the security firm Defiant have spotted a critical flaw in The Plus Addons for Elementor WordPress plugin that could be exploited by attackers […]

Pierluigi Paganini January 17, 2021
Critical flaws in Orbit Fox WordPress plugin allows site takeover

Two vulnerabilities in the Orbit Fox WordPress plugin, a privilege-escalation issue and a stored XSS bug, can allow site takeover. Security experts from Wordfence have discovered two security vulnerabilities in the Orbit Fox WordPress plugin. The flaws are a privilege-escalation vulnerability and a stored XSS bug that impacts over 40,000 installs. The Orbit Fox plugin […]

Pierluigi Paganini August 22, 2020
Thousands of WordPress WooCommerce stores potentially exposed to hack

Hackers are attempting to exploit multiple vulnerabilities in the Discount Rules for WooCommerce WordPress plugin, which has 30,000+ installations. Researchers from security firm WebArx reported that Hackers are actively attempting to exploit numerous flaws in the Discount Rules for WooCommerce WordPress plugin. The list of vulnerabilities includes SQL injection, authorization flaws, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities. Discount […]

Pierluigi Paganini May 14, 2020
Google WordPress Site Kit plugin grants attacker Search Console Access

Experts found a critical bug in Google’s official WordPress plugin ‘Site Kit’ that could allow hackers to gain owner access to targeted sites’ Google Search Console. The Site Kit WordPress plugin makes it easy to set up and configure key Google products (i.e. Search Console, Analytics, Tag Manager, PageSpeed Insights, Optimize, and AdSense), giving users authoritative and […]

Pierluigi Paganini November 21, 2019
A critical flaw in Jetpack exposes millions of WordPress sites

A critical flaw in the Jetpack WordPress Plugin could be exploited by threat actors to hack WordPress websites running flawed versions of the plugin. A critical vulnerability affects the Jetpack WordPress Plugin version Jetpack 5.1. and later, admins and owners of WordPress websites are urged to update their installs to Jetpack version 7.9.1. Jetpack is a […]

Pierluigi Paganini June 11, 2019
Vulnerability in WordPress Live Chat Plugin allows to steal and hijack sessions

Security researchers at Alert Logic have discovered a vulnerability in the WordPress Live Chat plugin that could be exploited to steal and hijack sessions. Experts at Alert Logic have discovered a vulnerability in the popular WordPress Live Chat plugin that could be exploited by an unauthorized remote attacker to steal chat logs or manipulate chat sessions. […]

Pierluigi Paganini December 20, 2017
Backdoor in Captcha Plugin poses serious risks to 300K WordPress sites

Experts discovered that the popular WordPress Captcha plugin installed on over 300,000 sites was recently updated to deliver a hidden backdoor. Security experts at WordFence have discovered that the popular WordPress Captcha plugin installed on over 300,000 sites was recently updated to deliver a hidden backdoor. The WordPress team promptly removed the plugin from the official WordPress […]

Pierluigi Paganini November 20, 2017
Experts observed a new wave of wp-vcd malware attacks targeting WordPress sites

Experts from the firm Sucuri observed a new wave of wp-vcd malware attacks that is targeting WordPress sites leveraging flaws in outdated plugins and themes A new malware campaign is threatening WordPress installs, the malicious code tracked as wp-vcd hides in legitimate WordPress files and is used by attackers to add a secret admin user and […]