Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

New York Times Internal Data Nabbed From GitHub

The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed.

DARKReading
Open in Source
#vulnerability#git#wordpress#backdoor#auth
Popular WordPress Plugins Leave Millions Open to Backdoor Attacks

Fastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP…

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts for follow-on exploitation. "These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which allows users to add custom PHP code. It has over 200 active installations.

GHSA-g43w-98wp-m694: SilverStripe framework XML Quadratic Blowup Attack

A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup.

WordPress XStore Theme 9.3.8 SQL Injection

WordPress XStore theme version 9.3.8 suffers from a remote SQL injection vulnerability.

New Antidot Android Malware Poses as Google Update to Steal Funds

By Waqas New Android Malware "Antidot" disguises itself as Google Update to steal banking info. Don't click suspicious update links! Download apps only from Google Play & keep software updated. This is a post from HackRead.com Read the original post: New Antidot Android Malware Poses as Google Update to Steal Funds

Efficient Document Merging Strategies for Professionals

By Uzair Amir Discover time-saving document merging strategies for professionals. Learn how to streamline workflows, enhance collaboration, and protect document integrity for increased productivity and peace of mind. This is a post from HackRead.com Read the original post: Efficient Document Merging Strategies for Professionals

Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data

By Deeba Ahmed Android Security Alert- Hackers are disguising malware as popular apps like Instagram and Snapchat to steal your login details. Learn how to identify fake apps and protect yourself from this sneaky cyberattack. This is a post from HackRead.com Read the original post: Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data

Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks Exposed

By Waqas Millions of IoT and industrial devices at risk! Critical vulnerabilities in Cinterion cellular modems allow remote attackers to take control. This is a post from HackRead.com Read the original post: Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks Exposed