HackDig : Dig high-quality web security articles for hackers

Threat actors target WordPress sites using vulnerable File Manager install

Experts reported threat actors are increasingly targeting a recently addressed vulnerability in the WordPress plugin File Manager. Researchers from WordPress security company Defiant observed a surge in the number of attacks targeting a recently addressed vulnerability in the WordPress plugin File Manager. In early September, experts reported that hack
Publish At:2020-09-11 20:16 | Read:167 | Comments:0 | Tags:Breaking News Hacking File Manager plugin hacking news infor

Attacks Targeting Recent WordPress File Manager Flaw Ramping Up

Attacks targeting a recently addressed vulnerability in the WordPress plugin File Manager are ramping up, warns the Wordfence Threat Intelligence team at WordPress security company Defiant.With over 700,000 active installs, File Manager is a highly popular WordPress plugin that provides admins with file and folder management capabilities (copy/paste, delete,
Publish At:2020-09-11 11:07 | Read:126 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Cybercrime wordpress

Hackers are fighting a war over 300K vulnerable WordPress sites

Attackers who are actively exploiting a critical remote code execution flaw affecting over 600,000 of WordPress sites running vulnerable File Manager plugin versions have also been seen protecting the sites they compromise from other threat actors' attacks.The critical vulnerability allows unauthenticated attackers to upload malicious PHP files and exec
Publish At:2020-09-10 16:20 | Read:206 | Comments:0 | Tags:Security wordpress hack

WordPress Plug-in Has Critical Zero-Day

The vulnerability in WordPress File Manager could allow a malicious actor to take over the victim's website.A popular plug-in for WordPress is the subject of a zero-day vulnerability that may expose more than 700,000 sites to malicious exploit. The WordPress File Manager plug-in is generally used to allow website users to upload image files, but a flaw in th
Publish At:2020-09-08 16:35 | Read:127 | Comments:0 | Tags: wordpress

WordPress Sites Attacked in Their Millions

Millions of WordPress sites are being probed in automated attacks looking to exploit a recently discovered plugin vulnerability, according to security researchers.Wordfence, which itself produces a plugin for the platform, revealed news of the zero-day bug at the start of September. It affects File Manager which, as the name suggests, is a plugin that helps
Publish At:2020-09-07 08:19 | Read:102 | Comments:0 | Tags: wordpress

Hackers are actively exploiting critical RCE in WordPress sites using File Manager plugin

Hackers actively exploiting a critical remote code execution vulnerability in the File Manager plugin, over 300,000 WordPress sites potentially exposed. Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbit
Publish At:2020-09-02 12:30 | Read:214 | Comments:0 | Tags:Breaking News Hacking File Manager plugin Wordpress exploit

Hackers actively exploiting severe bug in over 300K WordPress sites

Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions.On the morning of September 1, Arsys's Gonzalo Cruz was the first to discover the flaw and the fact that it was already being exploite
Publish At:2020-09-02 09:54 | Read:123 | Comments:0 | Tags:Security exploit wordpress hack

WordPress Sites Targeted via Vulnerabilities in WooCommerce Discounts Plugin

The owners and administrators of e-commerce websites powered by WordPress and the WooCommerce platform have been warned of attacks exploiting vulnerabilities discovered recently by researchers in a discounts plugin.The flaws were identified on August 7 by researchers at web security company WebARX in Discount Rules for WooCommerce, a plugin that has been ins
Publish At:2020-08-25 00:58 | Read:241 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Thousands of WordPress WooCommerce stores potentially exposed to hack

Hackers are attempting to exploit multiple vulnerabilities in the Discount Rules for WooCommerce WordPress plugin, which has 30,000+ installations. Researchers from security firm WebArx reported that Hackers are actively attempting to exploit numerous flaws in the Discount Rules for WooCommerce WordPress plugin. The list of vulnerabilities includes SQL
Publish At:2020-08-22 04:45 | Read:262 | Comments:0 | Tags:Breaking News Hacking Security Discount Rules information se

A critical flaw in wpDiscuz WordPress plugin lets hackers take over hosting account

A critical flaw in the wpDiscuz WordPress plugin could be exploited by remote attackers to execute arbitrary code and take over the hosting account. Security experts from Wordfence discovered a critical vulnerability impacting the wpDiscuz WordPress plugin that is installed on over 80,000 sites. The vulnerability could be exploited by attackers to exec
Publish At:2020-08-02 05:45 | Read:439 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

KingComposer fixes a reflected XSS impacting 100,000 WordPress sites

An XSS vulnerability in the KingComposer page builder for WordPress impacts 100,000 websites using the WordPress plugin.  Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites.  KingCompo
Publish At:2020-07-10 09:25 | Read:339 | Comments:0 | Tags:Breaking News Hacking Security information security news IT

Botnet blasts WordPress sites with configuration download attacks

byPaul DucklinSecurity researchers at WordFence, a company that’s focused on securing WordPress, have reported a burst of old-school attacks that are after your WordPress configuration data.In a default installation of WordPress, whether you’ve installed it yourself or are using a hosted service, the configuration file wp-config.php should be off
Publish At:2020-06-05 12:25 | Read:370 | Comments:0 | Tags:Data loss Patching vulnerability wordfence Wordpress

Large-scale campaign targets configuration files from WordPress sites

Security experts have observed a large-scale campaign over the weekend aimed at stealing configuration files from WordPress sites. Security researchers from WordFence have observed a large-scale campaign over the weekend aimed at stealing configuration files from WordPress sites. Threat actors attempted to exploit well- known vulnerabilities in unpatch
Publish At:2020-06-04 08:15 | Read:442 | Comments:0 | Tags:Breaking News Hacking hacking news it security it security a

Over 100K+ WordPress sites using PageLayer plugin exposed to hack

Two security flaws in the PageLayer WordPress plugin can be exploited to potentially wipe the contents or take over WordPress sites. Security experts from WordFence discovered two high severity security vulnerabilities in the PageLayer WordPress plugin that could potentially allow attackers to wipe the contents or take over WordPress sites using vulnerabl
Publish At:2020-05-31 04:48 | Read:501 | Comments:0 | Tags:Breaking News Hacking hacking news it security it security a

A new e-skimmer found on WordPress site using the WooCommerce plugin

Experts discovered a new e-skimmer employed in MageCart attacks against WordPress websites using the WooCommerce plugin. Experts from security firm Sucuri discovered a new e-skimmer software that is different from similar malware used in Magecart attacks. The new software skimmed was employed in attacks on the WordPress-based e-store using the WooCommerce
Publish At:2020-04-12 07:49 | Read:962 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

Tools

Tag Cloud