Application Security: Security Flaw in WP-Members Plugin Leads to Script Injection. A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. (Ionut Arghire, April 2, 2024)
Vulnerabilities: Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks. A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites. (Ionut Arghire, March 11, 2024)
Incident Response: Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin. The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin. (Ionut Arghire, February 26, 2024)
Vulnerabilities: Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin. Attackers are exploiting a recent remote code execution flaw in the Bricks Builder WordPress plugin to deploy malware. (Ionut Arghire, February 20, 2024)
Vulnerabilities: Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution. Critical remote code execution flaws in Backup Migration and Elementor plugins expose WordPress sites to attacks. (Ionut Arghire, December 12, 2023)
Vulnerabilities: WordPress 6.4.2 Patches Remote Code Execution Vulnerability. WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code. (Ionut Arghire, December 8, 2023)
Malware & Threats: Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin. A backdoor deployed on a compromised WordPress website poses as a legitimate plugin to hide its presence. (Ionut Arghire, October 12, 2023)
Malware & Threats: Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites. Recently patched TagDiv Composer plugin vulnerability exploited to hack thousands of WordPress sites as part of the Balada Injector campaign. (Eduard Kovacs, October 9, 2023)
Vulnerabilities: Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks. A vulnerability in the All-in-One WP Migration plugin’s extensions exposes WordPress websites to attacks leading to sensitive information disclosure. (Ionut Arghire, August 31, 2023)
Application Security: Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites. Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations. (Ionut Arghire, June 21, 2023)
Vulnerabilities: WordPress Field Builder Plugin Vulnerability Exploited in Attacks Two Days After Patch. PoC exploit targeting an XSS vulnerability in the Advanced Custom Fields WordPress plugin started being used in malicious attacks two days after patch. (Ionut Arghire, May 15, 2023)
Vulnerabilities: WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers. A vulnerability in a WordPress plugin exposed the official website of sports car maker Ferrari to hacker attacks. (Eduard Kovacs, May 12, 2023)