The WPForms plugin for WordPress exposes websites to a vulnerability that allows attackers to update subscriptions and issue refunds. This flaw enables attackers to modify data they normally should not have access to. Missing Capability Check The vulnerability is due to a missing capability check in a function within the plugin called wpforms_is_admin_page, which means … Read more
Wordfence issued an advisory on a vulnerability patched in the popular Happy Addons for Elementor plugin, installed on over 400,000 websites. The security flaw could allow attackers to upload malicious scripts that execute when browsers visit affected pages. Happy Addons for Elementor The Happy Addons for Elementor plugin extends the Elementor page builder with dozens … Read more
A critical vulnerability was discovered in the WPML WordPress plugin, affecting over a million installations. The vulnerability allows an authenticated attacker to perform remote code execution, potentially leading to a total site takeover. It is listed as rated 9.9 out of 10 by the Common Vulnerabilities and Exposures (CVE) organization. WPML Plugin Vulnerability The plugin … Read more
Up to 5 million installations of the LiteSpeed Cache WordPress plugin are vulnerable to an exploit that allows hackers to gain administrator rights and upload malicious files and plugins The vulnerability was first reported to Patchstack, a WordPress security company, which notified the plugin developer and waited until the vulnerability was patched before making a … Read more
Google’s John Mueller answered whether having two sites could negatively affect search rankings. His answer is surprisingly applicable to different ways of interpreting the question. Can Having Two Sites Affect Rankings? A person submitted a question to Google where they wanted to know if having two sites could negatively affect their rankings. The question as … Read more
Google’s Gary Illyes answered if switching web hosting platforms could result in a negative outcome for rankings and SEO. It’s a reasonable question because migrating a site to a new web host involves multiple technical factors that can go wrong and have an immediately negative effect. What Does Changing A Website Host Entail? Changing web … Read more
The popular Beaver Builder WordPress Page Builder was found to contain an XSS vulnerability that can allow an attacker to inject scripts into the website that will run when a user visits a webpage. Beaver Builder Beaver Builder is a popular plugin that allows anyone to create a professional looking website using an easy to … Read more
Google’s John Mueller answered a question on Reddit about whether showing different content based on IP address of the site visitor affected SEO. His answer offered insights into Google’s crawling and indexing. Showing Banners For Specific Countries The person asking the question managed a website that wanted to show a banner on the side of … Read more
A popular WordPress backup plugin installed in over 200,000 websites recently patched a high severity vulnerability that could lead to a denial of service attack. Wordfence assigned a CVSS severity level rating of High, with a score of 7.5/10, indicating that plugin users should take note and update their plugin. Backuply Plugin The vulnerability affects the … Read more
A significant vulnerability has been patched in the Website Builder by SeedProd that has over 900,000 installations. This vulnerability, present in versions up to and including 6.15.21, poses a risk for unauthorized data modification on WordPress sites. Vulnerability Details: Missing Capability Check The vulnerability that was discovered is called a missing capability check within the … Read more
A critical severity vulnerability was discovered and patched in the Better Search Replace plugin for WordPress which has over 1 million active website installs. Successful attacks could lead to arbitrary file deletions, sensitive data retrieval and code execution. Severity Level Of Vulnerability The severity of vulnerabilities are scored on a point system with ratings described … Read more
A significant security vulnerability has been identified and patched in the widely used File Manager plugin for WordPress, affecting over 1 million websites. The vulnerability is rated 8.1 out of 10 in severity and could potentially allow unauthenticated attackers to gain access to sensitive information including data contained in site backups. Unauthenticated Attack Vulnerabilities What … Read more
Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute these files on the server. MW WP Form Plugin The MW … Read more
Accelerated Mobile Pages WordPress plugin, with over 100,000 installations, patched a medium severity vulnerability that could allow an attacker to inject malicious scripts to be executed by website visitors. Cross-Site Scripting Via Shortcode A cross-site scripting (XSS) is one of the most frequent kind of vulnerability. In the context of WordPress plugins, XSS vulnerabilities happen … Read more
The popular LiteSpeed WordPress plugin patched a vulnerability that compromised over 4 million websites, allowing hackers to upload malicious scripts. LiteSpeed was notified of the vulnerability two months ago on August 14th and released a patch in October. Cross-Site Scripting (XSS) Vulnerability Wordfence discovered a Cross-Site Scripting (XSS) vulnerability in the LiteSpeed plugin, the most … Read more
Details of a new form of DDOS that requires relatively minimal resources to launch an attack of unprecedented scale, making it a clear danger for websites as server software companies race to release patches to protect against it. HTTP/2 Rapid Reset Exploit The vulnerability takes advantage of the HTTP/2 and HTTP/3 network protocols that allow … Read more
The U.S. Government National Vulnerability Database (NVD) published notice of a critical vulnerability affecting the Forminator WordPress Contact Form plugin up to an including version 1.24.6. Unauthenticated attackers can upload malicious files to websites which, according to the warning, “may make remote code execution possible.” The vulnerability score rating is 9.8, on a scale of … Read more
The WooCommerce Stripe payment gateway plugin was discovered to have a vulnerability that allows an attacker to steal customer personally identifiable information (PII) from stores using the plugin. Security researchers warn that hackers do not need authentication to pull off the exploit, which received a rating of high, 7.5 on a scale of 1 – … Read more
