Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts for follow-on exploitation. “These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site Read more…

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. “This plugin suffers from unauthenticated site-wide Read more…

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

WordPress Plugin Alert – Critical SQLi Vulnerability Threatens 200K+ Websites

WordPress Plugin Alert – Critical SQLi Vulnerability Threatens 200K+ Websites A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Read more…