5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack
A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running ...
Tag: wordpress
Easy WP SMTP Security Bug Can Reveal Admin Credentials
A poorly configured file opens users up to site takeover. Source link
Widespread Scans Underway for RCE Bugs in WordPress Websites
WordPress websites using buggy Epsilon Framework themes are being hunted by hackers. Source link
WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug
The shopping cart application contains a PHP object-injection bug. Source link
WordPress Pushes Out Multiple Flawed Security Updates
WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update. Source link
WordPress Patches 3-Year-Old High-Severity RCE Bug
In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software. ...
Post Grid WordPress Plugin Flaws Allow Site Takeovers
Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs -- together they have 66,000 ...
Stubborn WooCommerce Plugin Bugs Get Third Patch
Users of the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefully) final patch. Source ...
WordPress Plugin Flaw Allows Attackers to Send Forged Emails
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. Source link
