WordPress

Vulnerabilities

Issued by: Security Week

Fancy Product Designer is a premium plugin for online stores that provides users with the ability to customize products with images and PDF files uploaded from various devices. The plugin provides various other customization options as well. This week, Wordfence discovered that threat actors are targeting an unpatched critical vulnerability in Fancy Product Designer. The…

Vulnerabilities

Issued by: Security Week

WordPress ‘File Manager’ Plugin Patches Critical Zero-Day Exploited in Attacks

Designed to provide WordPress site admins with copy/paste, edit, delete, download/upload, and archive functionality for both files and folders, File Manager has over 700,000 active installs. Assessed with a CVSS score of 10, the recently identified critical security flaw could have allowed an attacker to upload files and execute code remotely on an affected site,…

Vulnerabilities

Issued by: Security Week

Flaw in WordPress Plugin Grants Access to Google Search Console

The plugin, Site Kit by Google, was designed to provide site admins with information on how people find and use their websites, providing insights from critical Google tools, straight to the WordPress dashboard. The plugin has over 400,000 active installations. The recently identified security flaw, which has already been patched by Google, is rated critical…

Vulnerabilities

Issued by: Security Week

ThemeGrill Demo Importer is a popular plugin that allows WordPress website administrators to import demo content, widgets and settings for ThemeGrill themes. Researchers at web security company WebARX discovered recently that versions 1.3.4 through 1.6.1 of the plugin are affected by a critical vulnerability that allows an unauthenticated attacker to wipe the entire database of…

Vulnerabilities

Issued by: Security Week

Websites Hacked via Zero-Day Flaws in WordPress Plugins

Zero-day flaws affecting several WordPress plugins have been exploited by malicious actors to plant backdoors and take control of vulnerable websites. The attacks have been spotted by Wordfence, a company that specializes in protecting WordPress websites. The firm’s investigation revealed that attackers had been exploiting previously unknown vulnerabilities in three WordPress plugins.

Network Security

Issued by: Help Net Security

DDoS attacks via WordPress now come with encryption

Kaspersky Lab experts have noted an emerging trend – a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend – an attack exploiting vulnerabilities in WordPress via…