Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

WordPress Automatic 3.92.0 Path Traversal / Server-Side Request Forgery

WordPress Automatic plugin versions 3.92.0 and below proof of concept exploit that demonstrates path traversal and server-side request forgery vulnerabilities.

Packet Storm
#vulnerability#wordpress#ssrf
LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability

WordPress WP-Automatic SQL Injection

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.

Misconfigured UN Database Exposes 228GB of Gender Violence Victims’ Data

A cybersecurity researcher discovered a massive data leak exposing over 115,000 sensitive documents associated with the UN Trust…

Hackers Leak 180,000 Esport North Africa User Records a Day Before Tournament Begins

A hacker leaked the personal data of 180,000 Esport North Africa users just before the tournament. While no…

Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers

GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.

Vulnerabilities, AI Compete for Software Developers' Attention

This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.

WP Engine Accuses WordPress of 'Forcibly' Taking Over Its Plug-in

WordPress moves could have security implications for sites using Advanced Custom Fields plug-in.

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites

The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic growth. It's used on 27 million