Security experts at Wordfence reported that Zero-Day vulnerabilities in three different WordPress plugins have been exploited in the wild. Zero-day vulnerabilities in several WordPress plugins have been exploited by threat actors in the wild to hack vulnerable websites and deliver backdoors, the alarm was launched by security firm Wordfence. The attackers ha

Experts from Sucuri discovered crooks are spreading a fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor. A fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor was spread by crooks abusing the popularity of WP-SpamShield Anti-Spam, a WordPress antispam tool. The WP-SpamShield Anti-Spam plugin has over 100,000 installs

Attackers are using automated scans to target freshly installed WordPress websites, WordFence experts dubbed the technique WPSetup attack. According to experts at the WordPress security plugin WordFence, attackers are using automated scans to target freshly installed WordPress websites, taking advantage of administrators who fail to properly configure their

One of the most common methods cybercriminals use to deliver phishing and malware to unsuspecting users is compromising legitimate websites, such as those hosted on WordPress, to house their own malicious content for free. The URLs of compromised sites used for phishing attacks reach users through spam emails, allowing security professionals to keep track of

A researcher reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. On Wednesday, the popular security experts Dawid Golunski reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. Golunski classified the flaw as a “medium/high severity

The Interpol located and shut down nearly 9,000 Command and control servers located in Asia and hacked with a WordPress plug-in exploit. An investigation conducted by the Interpol resulted in the identification of nearly 9,000 command and control servers located in Asia. The law enforcement body operated with the support of private partners, including Kasper

This is my first blog in an ongoing “It’s Not Rocket Science” series featuring articles on Information security.“Security is not an absolute, it’s a continuous process and should be managed as such. Security is about risk reduction, not risk elimination, and risk will never be zero. It’s about employing the appropriate security controls tha

WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched. WordPress has issued a new security release, the WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities.  The flaws were discovered by the security experts Chris Andrè D

NextGEN Gallery is an extraordinarily popular plugin for self-hosted WordPress websites, having been downloaded over 16.5 million times.The software’s widespread popularity (it claims to have been “the industry’s standard WordPress gallery plugin” since 2007) makes it an seemingly obvious choice for website owners looking to add image

More than 1 million WordPress website are at risk due to a critical SQL injection vulnerability in the NextGEN Gallery plugin. Update it asap. Security experts at Sucuri firm have identified a SQL injection flaw in the WordPress image gallery NextGEN Gallery that could be exploited by a remote to gain access to the targeted website’s backend, including sensi

According to experts at the security firm Sucuri, a critical content injection flaw in WordPress recently disclosed has already been exploited to deface thousands of websites. Recently a critical vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw that affects the WordPress REST API. The vulnerability was discover

What has happened?A severe zero-day vulnerability has been fixed in WordPress, which – if left unpatched – could allow a malicious attacker to modify the content of any post or page on a WordPress site.Woah! Any post or page could be hijacked?Yes, it’s as though you’ve handed the reins of your site over to a malicious hacker and said

A new dangerous Zero-day Content Injection vulnerability has been discovered in the WordPress CMS, it affects the WordPress REST API. A new dangerous vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw in the WordPress REST API. The vulnerability discovered by a security researcher at firm Sucuri could be exploite

Security experts from Wordfence observed a huge increase in Brute Force attacks in the last three weeks. The security firm Wordfence is warning the WordPress community of a spike in the number of brute force attacks against websites running WordPress. has increased significantly in December compared to the previous period. The researchers observed brute forc

Security firm RIPS Technologies has analyzed 44,705 in the official WordPress plugins directory and discovered that more than 8,800 of them are flawed. Experts from the security company RIPS Technologies have conducted an interesting analysis of WordPress plugins. The researchers have analyzed 44,705 of the roughly 48,000 plugins available in the official Wo