WPForms Plugin Vulnerability Affects Up To 6 Million Sites

The WPForms plugin for WordPress exposes websites to a vulnerability that allows attackers to update subscriptions and issue refunds. This flaw enables attackers to modify data they normally should not have access to. Missing Capability Check The vulnerability is due to a missing capability check in a function within the plugin called wpforms_is_admin_page, which means … Read more

WordPress Anti-Spam Plugin Vulnerability Hits 200k+ Sites

A flaw in a WordPress anti-spam plugin with over 200,000 installations allows rogue plugins to be installed on affected websites. Security researchers rated the vulnerability 9.8 out of 10, reflecting its high severity. CleanTalk Anti-Spam WordPress Plugin Vulnerability A highly rated anti-spam firewall … Read more

Automattic Receives Backlash For Cloning Premium Plugin

Automattic cloned WP Engine’s paid ACF Premium plugin and is distributing it for free. Many in the WordPress community disapprove of this action, expressing concerns that it undermines the plugin and theme ecosystem. Advanced Custom Fields Plugin Advanced Custom Fields (ACF) is a WordPress plugin that’s popular with WordPress website developers because it enables them … Read more

New WordPress Plugin Simplifies Achieving Success

New WordPress plugin helps users achieve content publishing and SEO goals

The co-founders of Yoast have launched a plugin that helps users plan tasks, defeat procrastination, and remove distractions, making it easier to achieve success. This plugin simplifies managing critical tasks like maintaining website health, publishing posts, and updating content. Why This Plugin Helps Users Become Successful A reason why some websites fail to achieve all … Read more

WordPress Translation Plugin Vulnerability Affects +1 Million Sites

WPML WordPress plugin vulnerable to remote code execution

A critical vulnerability was discovered in the WPML WordPress plugin, affecting over a million installations. The vulnerability allows an authenticated attacker to perform remote code execution, potentially leading to a total site takeover. It is rated 9.9 out of 10 by the Common Vulnerabilities and Exposures (CVE) organization. WPML Plugin Vulnerability The plugin … Read more

WordPress Cache Plugin Vulnerability Affects +5 Million Websites

Up to 5 million installations of the LiteSpeed Cache WordPress plugin are vulnerable to an exploit that allows hackers to gain administrator rights and upload malicious files and plugins. The vulnerability was first reported to Patchstack, a WordPress security company, which notified the plugin developer and waited until the vulnerability was patched before making a … Read more

WordPress Nested Pages Plugin High Severity Vulnerability

Vulnerability in Nested Pages WordPress plugin

The U.S. National Vulnerability Database (NVD) and Wordfence published a security advisory for a high-severity Cross-Site Request Forgery (CSRF) vulnerability in the Nested Pages WordPress plugin, affecting up to +100,000 installations. The vulnerability received a Common Vulnerability Scoring System (CVSS) rating of 8.8 on a scale of 1 – 10, with ten representing … Read more

WordPress Takes Bite Out Of Plugin Attacks

WordPress Ends Plugin Supply Chain Attacks

WordPress announced over the weekend that they were pausing plugin updates and initiating a force reset on plugin author passwords in order to prevent additional website compromises due to the ongoing Supply Chain Attack on WordPress plugins. Supply Chain Attack Hackers have been attacking plugins directly at the source using password credentials exposed in previous … Read more

WordPress Plugin Supply Chain Attacks Escalate

WordPress plugins continue to be under attack by hackers using stolen credentials (from other data breaches) to gain direct access to plugin code. What makes these supply chain attacks of particular concern is that they can sneak in because the compromise appears to users as a normal plugin update. Supply Chain Attack The … Read more

Wix Announces A Figma Plugin That Turns Designs Into Websites

Wix announced a new Figma Plugin that enables designers to import Figma designs directly into Wix Studio and dramatically speed up site creation from the design stage to a functioning website. Figma Design Tool Figma is a SaaS (software as a service) collaborative design tool that allows designers, teams and clients to prototype designs, in … Read more

New WordPress Plugin Solves Site Navigation Problem

Fewer Tags WordPress Plugin

Joost de Valk, the creator of Yoast SEO plugin, has created a new (and free) plugin for solving a site architecture problem that can silently diminish a website’s ability to rank. Site Architecture Site architecture is an important SEO factor because a well-organized website with clear navigation helps users quickly get to the content and … Read more

WP Rocket WordPress Plugin Now Optimizes LCP Core Web Vitals Metric

WP Rocket, the WordPress page speed performance plugin, just announced the release of a new version that will help publishers optimize for Largest Contentful Paint (LCP), an important Core Web Vitals metric. Large Contentful Paint (LCP) LCP is a page speed metric that’s designed to show how fast it takes for a user to perceive … Read more

WordPress Releases A Performance Plugin For “Near-Instant Load Times”

WordPress speculative loading plugin

WordPress released an official plugin that adds support for a cutting edge technology called speculative loading that can help boost site performance and improve the user experience for site visitors. Speculative Loading Speculative loading is a technique that fetches pages or resources before a user clicks a link to navigate to another webpage. The official … Read more

WordPress Site Builder Plugin Accused Of Adding A “Backdoor”

A widely used add-on plugin for a popular WordPress site builder installed an anti-piracy script that essentially unpublishes all posts. WordPress developers are livid, with some calling the script malware, a backdoor, and a violation of laws. BricksUltimate Add-On For Bricks Builder Bricks site builder is a site building platform for WordPress that is … Read more

WordPress Backup Plugin DoS Vulnerability Affects +200,000 Sites

A popular WordPress backup plugin installed in over 200,000 websites recently patched a high severity vulnerability that could lead to a denial of service attack. Wordfence assigned a CVSS severity level rating of High, with a score of 7.5/10, indicating that plugin users should take note and update their plugin. Backuply Plugin The vulnerability affects the … Read more

WordPress File Manager Plugin Vulnerability Affects +1 Million Websites

A significant security vulnerability has been identified and patched in the widely used File Manager plugin for WordPress, affecting over 1 million websites. The vulnerability is rated 8.1 out of 10 in severity and could potentially allow unauthenticated attackers to gain access to sensitive information including data contained in site backups. Unauthenticated Attack Vulnerabilities What … Read more

Complianz WordPress GDPR Compliance Plugin Vulnerability

A popular WordPress plugin for privacy compliance with over 800,000 installations recently patched a stored XSS vulnerability that could allow an attacker to upload malicious scripts for launching attacks against site visitors. Complianz | GDPR/CCPA Cookie Consent WordPress Plugin The Complianz plugin for WordPress is a powerful tool that helps website owners comply with privacy … Read more

Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs

Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute these files on the server. MW WP Form Plugin The MW … Read more
