Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts for follow-on exploitation. “These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site Read more…

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus Read more…

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol Read more…