Wordpress

Pierluigi Paganini November 16, 2017
Formidable Forms plugin vulnerabilities expose WordPress sites attacks

A researcher from Finland-based company Klikki Oy has discovered several vulnerabilities in the Formidable Forms plugin that expose websites to attacks. The researcher Jouko Pynnönen from Finland-based company Klikki Oy has discovered several vulnerabilities in the Formidable Forms plugin the expose websites to attacks. The Formidable Forms plugin allows users to easily create contact pages, polls and surveys, and many other kinds […]

Pierluigi Paganini October 03, 2017
Zero-Day flaws in 3 WordPress Plugins being exploited in the wild

Security experts at Wordfence reported that Zero-Day vulnerabilities in three different WordPress plugins have been exploited in the wild. Zero-day vulnerabilities in several WordPress plugins have been exploited by threat actors in the wild to hack vulnerable websites and deliver backdoors, the alarm was launched by security firm Wordfence. The attackers have exploited three critical zero-day vulnerabilities […]

Pierluigi Paganini September 30, 2017
Crooks spreads backdoor devised as a security WordPress Plugin

Experts from Sucuri discovered crooks are spreading a fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor. A fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor was spread by crooks abusing the popularity of WP-SpamShield Anti-Spam, a WordPress antispam tool. The WP-SpamShield Anti-Spam plugin has over 100,000 installs for this reason attackers decided to abuse it. Researchers with Sucuri that discovered that […]

Pierluigi Paganini July 14, 2017
WPSetup attack, hackers targets uncompleted WordPress installs

Attackers are using automated scans to target freshly installed WordPress websites, WordFence experts dubbed the technique WPSetup attack. According to experts at the WordPress security plugin WordFence, attackers are using automated scans to target freshly installed WordPress websites, taking advantage of administrators who fail to properly configure their server’s settings. The experts dubbed the attack WPSetup […]

Pierluigi Paganini May 04, 2017
Security researcher disclosed a WordPress Password Reset Vulnerability

A researcher reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. On Wednesday, the popular security experts Dawid Golunski reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. Golunski classified the flaw as a “medium/high severity,” he explained that the issue is caused by […]

Pierluigi Paganini April 26, 2017
Cybercrime – Interpol shutdown nearly 9,000 C&C servers in Asia hacked with a WordPress plug exploit

The Interpol located and shut down nearly 9,000 Command and control servers located in Asia and hacked with a WordPress plug-in exploit. An investigation conducted by the Interpol resulted in the identification of nearly 9,000 command and control servers located in Asia. The law enforcement body operated with the support of private partners, including Kaspersky Lab, Cyber Defense Institute, […]

Pierluigi Paganini March 07, 2017
WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched

WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched. WordPress has issued a new security release, the WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities.  The flaws were discovered by the security experts Chris Andrè Dale, Yorick Koster, Simon P. Briggs, Marc […]

Pierluigi Paganini March 01, 2017
SQLi flaw in the NextGEN Gallery plugin exposes at risk of hack more than 1 Million WordPress Installs

More than 1 million WordPress website are at risk due to a critical SQL injection vulnerability in the NextGEN Gallery plugin. Update it asap. Security experts at Sucuri firm have identified a SQL injection flaw in the WordPress image gallery NextGEN Gallery that could be exploited by a remote to gain access to the targeted website’s backend, including sensitive […]

Pierluigi Paganini February 07, 2017
WordPress content injection flaw abused in defacement campaigns

According to experts at the security firm Sucuri, a critical content injection flaw in WordPress recently disclosed has already been exploited to deface thousands of websites. Recently a critical vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw that affects the WordPress REST API. The vulnerability was discovered by a […]

Pierluigi Paganini February 02, 2017
Zero-day Content Injection Vulnerability found in WordPress

A new dangerous Zero-day Content Injection vulnerability has been discovered in the WordPress CMS, it affects the WordPress REST API. A new dangerous vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw in the WordPress REST API. The vulnerability discovered by a security researcher at firm Sucuri could be […]