Stay up to date with WordPress Security


Unmasking a Persistent Malware Attack on a WordPress Website

December 4, 2023

WordPress websites remain a prime target for malicious actors in the ever-evolving cybersecurity landscape. This case study delves into a perplexing incident


Investigating and Resolving High CPU Usage in WordPress Due to Malicious Crawlers

December 1, 2023

High CPU usage is a common problem faced by WordPress websites. While there are many possible causes, one often overlooked culprit is


Unmasking a Hidden Malware Attack Targeting Users from Search Results

November 25, 2023

Background: A WordPress website owner reported an issue where users from search results were redirected to random, potentially harmful websites. Despite utilizing


Critical Broken Access Control Vulnerability in WP Travel Plugin

November 3, 2023

A critical Broken Access Control vulnerability has been identified in the WP Travel plugin. This vulnerability could allow an unprivileged user to


Critical Broken Access Control Vulnerability in WooODT Lite Plugin

October 31, 2023

A critical Broken Access Control vulnerability has been identified in the WooODT Lite plugin. This vulnerability could allow an unprivileged user to


Critical Local File Inclusion Vulnerability in HTML filter and csv-file search Plugin

October 30, 2023

A critical Local File Inclusion (LFI) vulnerability has been identified in the HTML filter and csv-file search plugin. This vulnerability could allow


Critical Remote Code Execution Vulnerability in PHP to Page Plugin

October 29, 2023

A critical Remote Code Execution (RCE) vulnerability has been identified in the PHP to Page plugin. This vulnerability could allow a malicious


High-Severity XSS Vulnerability Found in Bonus for Woo Plugin

October 27, 2023

A Cross-Site Scripting (XSS) vulnerability has been found in the WordPress Bonus for Woo plugin version 7.1. This vulnerability could allow a


Critical Remote Code Execution Vulnerability in News & Blog Designer Pack – WordPress Blog Plugin Plugin

October 26, 2023

A critical Remote Code Execution (RCE) vulnerability has been identified in the WordPress News & Blog Designer Pack – WordPress Blog Plugin


Critical Arbitrary File Upload Vulnerability in Thumbnail Slider With Lightbox Plugin

October 26, 2023

A critical Arbitrary File Upload vulnerability has been identified in the Thumbnail Slider With Lightbox plugin. This vulnerability could allow a malicious


Bypass Vulnerability Detected in Admin and Site Enhancements (ASE) Plugin

October 25, 2023

A Bypass vulnerability has been discovered in the WordPress Admin and Site Enhancements (ASE) plugin. This vulnerability could allow a malicious


High-Severity Vulnerability Detected in My Shortcodes Plugin

October 25, 2023

A Broken Access Control vulnerability has been discovered in the WordPress My Shortcodes plugin. This vulnerability could allow an unprivileged user to


WordPress Custom My Account for Woocommerce Plugin Cross-Site Request Forgery (CSRF) Vulnerability

October 25, 2023

A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the WordPress Custom My Account for Woocommerce plugin. This vulnerability could allow


High-Severity Vulnerability Detected in Download CloudNet360 Plugin

October 25, 2023

A Cross-Site Scripting (XSS) vulnerability has been discovered in the WordPress Download CloudNet360 plugin. This vulnerability could allow a malicious actor to


Critical Settings Change Vulnerability in Deeper Comments Plugin

October 25, 2023

A critical Settings Change vulnerability has been identified in the Deeper Comments plugin. This vulnerability could allow a malicious actor to change
