Tag Archives Wordpress malware cleanup

New License Key Vulnerability Identified in WordPress

The latest attack comes in the form of an exploit of the WordPress License Key portal. WordPress is an immensely popular service with use, figuratively, all across the world. It’s a clean and cost-effective way of managing your website activity, so the implications of a breach of this sort add further fuel to the raging fire of cybercrimes. It will be important for a lot of people to understand what is going on, so let us take a look at the situation.

Popular Plugin Ninja Forms Vulenrable to Arbitrary File Upload & Path Traversal

Ninja Forms, is a WordPress plugin which allows websites to facilitate creating and customizing forms just by dragging and dropping. Moreover, it is currently in use on 1 million+ websites. This data, obviously, hints at the popularity Ninja forms when enjoying when the news of Ninja Forms' "File upload" extension being vulnerable to arbitrary file upload and path traversal surfaced a day ago. And it was quite a shocker.

Yellow Pencil Visual Theme Customizer Plugin Exploited - Redirect & Adds Unauthenticated Users

The buzz around exploitation in WordPress plugins was not yet down, when a new report of exploitation in WordPress theme Yellow Pencil Visual theme customizer surfaced. This theme was quite popular with more than 30000 active installations at the time it was taken down from the WordPress's official site. After the vulnerabilities in two of its software was made public by a security researcher, the attempts of exploitation soared. Due to the attacks that followed many sites are now redirecting to other malicious sites

Wordpress Plugin Advanced Contact Form 7 DB vulnerable to SQLi

A very severe SQLi vulnerability has been uncovered in popular WordPress Plugin - Advanced Contact Form 7 DB, having more than 40,000+ active installations. The vulnerability was first reported on March 26th, and the new patched version 1.6.1 has been made live two days ago on 10th of April. However, the current users still have reasons to worry as this vulnerability could be exploited by hackers having even a subscriber's account.

WordPress Hacked? These WordPress Vulnerabilities Could be the Reason

Managing content on the web now is just a matter of seconds affair, thanks to WordPress open-source structure. WordPress has been on the web since the time when blogging was only a new trend. WordPress has evolved with time and has created a successful ecosystem of plugins & themes developers and users. However, like any popular software solution, WordPress has its fair share of security vulnerabilities. Recently, the WordPress iOS app was found leaking sensitive access token of WordPress blog to third party websites. Apart from this, WordPress is one of the widely targeted CMS by attackers and thousands of users each year suffer from a WordPress site hacked. Weighing in on WordPress's security concerns, its CEO Matt Mullenweg once remarked that,

Close