HackDig : Dig high-quality web security articles

Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!

WordPress admins are being warned to remove a buggy plugin or risk a total site takeover. This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows “unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action
Publish At:2022-07-19 11:52 | Read:305 | Comments:0 | Tags:Malwarebytes news compromise CVE exploit hijack JavaScript m

Unpatched WPBakery WordPress Plugin Vulnerability Increasingly Targeted in Attacks

The Wordfence team at WordPress security company Defiant warns of an increase in attacks targeting an unpatched vulnerability in the Kaswara addon for the WPBakery Page Builder WordPress plugin. Tracked as CVE-2021-24284 (CVSS score of 10) and disclosed in April 2021, the critical-severity security bug allows an unauthenticated attacker to upload malicious PH
Publish At:2022-07-18 08:05 | Read:324 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Attackers scan 1.6 million WordPress sites for vulnerable plugin

Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication. The attackers are targeting the Kaswara Modern WPBakery Page Builder, which has been abandoned by its author before receiving a patch for a critical severity fl
Publish At:2022-07-15 13:46 | Read:347 | Comments:0 | Tags:Security wordpress

Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons

Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara Modern WPBakery Page Builder Addons. Threat actors are attempting to exploit an arbitrary file upload vulner
Publish At:2022-07-15 11:10 | Read:437 | Comments:0 | Tags:Breaking News Hacking CVE-2021-24284 hacking news informatio

New PayPal Phishing Kit Hijacks WordPress Sites

Researchers have uncovered a new phishing kit that, under the guise of security controls, injects malware into legitimate WordPress sites and uses a fake PayPal-branded social engineering scam to trick targets into handing over their most sensitive data. This data includes government documents, photos, and even financial information. Researchers from Akamai s
Publish At:2022-07-15 09:43 | Read:403 | Comments:0 | Tags:Cybersecurity News phishing wordpress

PayPal phishing kit added to hacked WordPress sites for full ID theft

A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos. Over 400 million individuals and companies are using PayPal as an online payment solution. The kit is hosted on legitimate WordPress websites that have been hacked, which allows
Publish At:2022-07-14 14:20 | Read:241 | Comments:0 | Tags:Security wordpress hack

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories. Over a Dozen Flaws Found in Siemens’ Industrial Network Manag
Publish At:2022-06-27 06:20 | Read:662 | Comments:0 | Tags:VERT News Chrome critical vulnerability tracking WordPress s

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites. In mid-June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The analysis of the updates revealed that they patched a code
Publish At:2022-06-19 19:16 | Read:417 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Exploited Vulnerability Patched in WordPress Plugin With Over 1 Million Installations

More than one million WordPress websites were potentially impacted by a critical Ninja Forms plugin vulnerability that appears to have been exploited in the wild. With over one million installations, the popular Ninja Forms plugin helps administrators add customizable forms to their WordPress sites. The exploited security issue, which was identified in the Mer
Publish At:2022-06-17 09:13 | Read:821 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Cybercrime Vulnerability

730K WordPress sites force-updated to patch critical plugin bug

WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up.
Publish At:2022-06-16 15:15 | Read:955 | Comments:0 | Tags:Security wordpress

Backdoor baked into premium school management plugin for WordPress

Security researchers have discovered a backdoor in a premium WordPress plugin designed as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating. The name of the plugin is “School Management,” published by Weblizar, and multiple versions before 9.9.7 were delivered with
Publish At:2022-05-20 14:53 | Read:786 | Comments:0 | Tags:Security wordpress

Critical Jupiter WordPress plugin flaws let hackers take over sites

WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw. Jupiter is a powerful high-quality theme builder for WordPress sites used by over 90,000 popular blogs, online mags, and platforms that enjoy heavy user traffic. The
Publish At:2022-05-18 18:51 | Read:1402 | Comments:0 | Tags:Security wordpress hack

Millions of Cyberattacks Are Targeting Tatsu WordPress Plugin

Tatsu Builder is a popular plugin that integrates very effective template modification tools directly into the user’s web browser. What Happened? Hackers are making extensive use of a remote code execution vulnerability known as CVE-2021-25094 that is present in the Tatsu Builder plugin for WordPress. This plugin is used on about 100,000 different websit
Publish At:2022-05-18 10:50 | Read:798 | Comments:0 | Tags:Cybersecurity News wordpress cyber

Sysrv botnet is out to mine Monero on your Windows and Linux servers

In a Twitter thread, the Microsoft Security Intelligence team have revealed new information about the latest versions of the Sysrv botnet. The variant they focused on uses a range of known exploits for vulnerabilities in web apps and databases to install cryptocurrency miners on both Windows and Linux systems. Background: The Sysrv botnet first recei
Publish At:2022-05-18 09:01 | Read:1075 | Comments:0 | Tags:Botnets Exploits and vulnerabilities botnet crypto miner cve

Large-Scale Attack Targeting Tatsu Builder WordPress Plugin

Tens of thousands of WordPress websites are potentially at risk of compromise as part of an ongoing large-scale attack targeting a remote code execution vulnerability in the Tatsu Builder plugin. Tracked as CVE-2021-25094 (CVSS score of 8.1), the vulnerability exists because one of the supported actions does not require authentication when uploading a zip fil
Publish At:2022-05-18 05:14 | Read:423 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities wordpress
