WordPress Elementor Addons Vulnerability Affects 400k Sites

Wordfence issued an advisory on a vulnerability patched in the popular Happy Addons for Elementor plugin, installed on over 400,000 websites. The security flaw could allow attackers to upload malicious scripts that execute when browsers visit affected pages. Happy Addons for Elementor The Happy Addons for Elementor plugin extends the Elementor page builder with dozens … Read more

New LiteSpeed Cache Vulnerability Puts 6 Million Sites at Risk

A New LiteSpeed Cache Vulnerability

Another vulnerability was discovered in the LiteSpeed Cache WordPress plugin—an Unauthenticated Privilege Escalation that could lead to a total site takeover. Unfortunately, updating to the latest version of the plugin may not be enough to resolve the issue. LiteSpeed Cache Plugin The LiteSpeed Cache Plugin is a website performance optimization plugin that has over 6 … Read more

WordPress Elementor Widgets Add-On Vulnerability

WordPress Elementor add-on vulnerability

A WordPress plugin add-on for the popular Elementor page builder recently patched a vulnerability affecting over 200,000 installations. The exploit, found in the Jeg Elementor Kit plugin, allows authenticated attackers to upload malicious scripts. Stored Cross-Site Scripting (Stored XSS) The patch fixed an issue that could lead to a Stored Cross-Site Scripting exploit that allows … Read more

WordPress Translation Plugin Vulnerability Affects +1 Million Sites

WPML WordPress plugin vulnerable to remote code execution

A critical vulnerability was discovered in the WPML WordPress plugin, affecting over a million installations. The vulnerability allows an authenticated attacker to perform remote code execution, potentially leading to a total site takeover. It is rated 9.9 out of 10 by the Common Vulnerabilities and Exposures (CVE) organization. WPML Plugin Vulnerability The plugin … Read more

WordPress Cache Plugin Vulnerability Affects +5 Million Websites

Up to 5 million installations of the LiteSpeed Cache WordPress plugin are vulnerable to an exploit that allows hackers to gain administrator rights and upload malicious files and plugins. The vulnerability was first reported to Patchstack, a WordPress security company, which notified the plugin developer and waited until the vulnerability was patched before making a … Read more

WordPress Nested Pages Plugin High Severity Vulnerability

Vulnerability in Nested Pages WordPress plugin

The U.S. National Vulnerability Database (NVD) and Wordfence published a security advisory on a high severity Cross Site Request Forgery (CSRF) vulnerability in the Nested Pages WordPress plugin, affecting up to +100,000 installations. The vulnerability received a Common Vulnerability Scoring System (CVSS) rating of 8.8 on a scale of 1 – 10, with ten representing … Read more

2024 WordPress Vulnerability Report Shows Errors Sites Keep Making

2024 Annual WordPress security report by WPScan

WordPress security scanner WPScan’s 2024 WordPress vulnerability report calls attention to WordPress vulnerability trends and suggests the kinds of things website publishers (and SEOs) should be looking out for. Some of the key findings from the report were that just over 20% of vulnerabilities were rated as high or critical level threats, with medium severity … Read more

WordPress Discovers XSS Vulnerability – Recommends Updating To 6.5.2

WordPress Releases version 6.5.2 to fix an XSS Vulnerability

WordPress announced the 6.5.2 Maintenance and Security Release update that patches a stored cross site scripting vulnerability and fixes over a dozen bugs in the core and the block editor. The same vulnerability affects both the WordPress core and the Gutenberg plugin. Cross Site Scripting (XSS) An XSS vulnerability was discovered in WordPress that could … Read more

XSS Vulnerability Affects Beaver Builder WordPress Page Builder

Beaver Builder WordPress plugin vulnerability

The popular Beaver Builder WordPress Page Builder was found to contain an XSS vulnerability that can allow an attacker to inject scripts into the website that will run when a user visits a webpage. Beaver Builder Beaver Builder is a popular plugin that allows anyone to create a professional looking website using an easy to … Read more

Bricks Builder For WordPress RCE Vulnerability

Bricks Visual Site Builder for WordPress recently patched a critical severity vulnerability rated 9.8/10 which is actively being exploited right now. Bricks Builder Bricks Builder is a popular WordPress development theme that makes it easy to create attractive and fast performing websites in hours that would cost up to $20,000 of development time to do … Read more

WordPress Backup Plugin DoS Vulnerability Affects +200,000 Sites

A popular WordPress backup plugin installed in over 200,000 websites recently patched a high severity vulnerability that could lead to a denial of service attack. Wordfence assigned a CVSS severity level rating of High, with a score of 7.5/10, indicating that plugin users should take note and update their plugin. Backuply Plugin The vulnerability affects the … Read more

WordPress Website Builder Vulnerability Affects Nearly 1 Million Websites

A significant vulnerability has been patched in the Website Builder by SeedProd that has over 900,000 installations. This vulnerability, present in versions up to and including 6.15.21, poses a risk for unauthorized data modification on WordPress sites. Vulnerability Details: Missing Capability Check The vulnerability that was discovered is called a missing capability check within the … Read more

Better Search Replace WordPress Vulnerability Affects Up To +1 Million Sites

A critical severity vulnerability was discovered and patched in the Better Search Replace plugin for WordPress which has over 1 million active website installs. Successful attacks could lead to arbitrary file deletions, sensitive data retrieval and code execution. Severity Level Of Vulnerability The severity of vulnerabilities is scored on a point system with ratings described … Read more

WordPress File Manager Plugin Vulnerability Affects +1 Million Websites

A significant security vulnerability has been identified and patched in the widely used File Manager plugin for WordPress, affecting over 1 million websites. The vulnerability is rated 8.1 out of 10 in severity and could potentially allow unauthenticated attackers to gain access to sensitive information including data contained in site backups. Unauthenticated Attack Vulnerabilities What … Read more

Complianz WordPress GDPR Compliance Plugin Vulnerability

A popular WordPress plugin for privacy compliance with over 800,000 installations recently patched a stored XSS vulnerability that could allow an attacker to upload malicious scripts for launching attacks against site visitors. Complianz | GDPR/CCPA Cookie Consent WordPress Plugin The Complianz plugin for WordPress is a powerful tool that helps website owners comply with privacy … Read more

Zoom Privilege Escalation Vulnerability Via Improper Authorization

Zoom issued an urgent security advisory about a flaw in the Zoom client that could allow a user to gain higher level privileges and access that they are not authorized for. Zoom Clients And User Roles The Zoom web client is what users use to access a meeting. Improper authorization in a Zoom client is … Read more

WordPress Releases Version 6.4.2 For Critical Vulnerability

WordPress has released version 6.4.2 that contains a patch for a critical severity vulnerability that could allow attackers to execute PHP code on the site and potentially lead to a full site takeover. The vulnerability was traced back to a feature introduced in WordPress 6.4 that was meant to improve HTML parsing in the block … Read more

Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs

Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute these files on the server. MW WP Form Plugin The MW … Read more
