Accelerated Mobile Pages WordPress plugin, with over 100,000 installations, patched a medium severity vulnerability that could allow an attacker to inject malicious scripts to be executed by website visitors. Cross-Site Scripting Via Shortcode A cross-site scripting (XSS) is one of the most frequent kind of vulnerability. In the context of WordPress plugins, XSS vulnerabilities happen … Read more
The popular Fluent Forms Contact Form Builder plugin for WordPress, with over 300,000 installations, was discovered to contain a SQL Injection vulnerability that could allow database access to hackers. Fluent Forms Contact Form Builder Fluent Forms Contact Form Builder is one of the most popular contact forms for WordPress, with over 300,000 installations. Its drag-and-drop … Read more
The popular LiteSpeed WordPress plugin patched a vulnerability that compromised over 4 million websites, allowing hackers to upload malicious scripts. LiteSpeed was notified of the vulnerability two months ago on August 14th and released a patch in October. Cross-Site Scripting (XSS) Vulnerability Wordfence discovered a Cross-Site Scripting (XSS) vulnerability in the LiteSpeed plugin, the most … Read more
Details of a new form of DDOS that requires relatively minimal resources to launch an attack of unprecedented scale, making it a clear danger for websites as server software companies race to release patches to protect against it. HTTP/2 Rapid Reset Exploit The vulnerability takes advantage of the HTTP/2 and HTTP/3 network protocols that allow … Read more
The U.S. government National Vulnerability Database (NVD) issued an advisory about a vulnerability affecting Metform Elementor Contact Form Builder WordPress plugin that could leak sensitive information. Metform Elementor Contact Form Builder for WordPress The Metform Elementor Contact Form builder is a third party add-on to the popular Elementor page builder plugin with over over 200,000 … Read more
The U.S. Government National Vulnerability Database (NVD) published notice of a critical vulnerability affecting the Forminator WordPress Contact Form plugin up to an including version 1.24.6. Unauthenticated attackers can upload malicious files to websites which, according to the warning, “may make remote code execution possible.” The vulnerability score rating is 9.8, on a scale of … Read more
Ultimate Member WordPress plugin vulnerability, with over 200,000 active installations is being actively exploited on unpatched WordPress sites. The vulnerability is said to require trivial effort to bypass security filters. Ultimate Member Plugin Vulnerability The Ultimate Member WordPress plugin enables publishers to create online communities on their websites. The plugin works by creating a frictionless … Read more
The WooCommerce Stripe payment gateway plugin was discovered to have a vulnerability that allows an attacker to steal customer personally identifiable information (PII) from stores using the plugin. Security researchers warn that hackers do not need authentication to pull off the exploit, which received a rating of high, 7.5 on a scale of 1 – … Read more
The National Vulnerability Database announced that a popular Google Analytics WordPress plugin installed in over 3 million was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability. Stored XSS A Cross-Site Scripting (XSS) attack generally occurs when a part of the website that accepts user input is insecure and allows unanticipated input, like scripts or … Read more
