Home » Tag Archives: Hacking Wordpress

Tag Archives: Hacking Wordpress

Sodinokibi ransomware spreads through fake forums on WordPress sites

Sodinokibi spreads through fake forums

Sodinokibi spreads through fake forums. Its operators hack WordPress sites and embed JavaScript code that displays posts from the fake Q&A forum on top of the original site’s content. Messages contain an alleged “response from the administrator” of the site with an active link to the installer of the ransomware program. According to the recent publication in BleepingComputer, attackers hack …

Read More »

Vulnerability in WP Live Chat Support plugin allows stealing logs and insert messages in chats

WP Live Chat Support

Developers of WP Live Chat Support plugin, which has more than 50,000 installations, report that users should immediately upgrade plugin to version 8.0.33 or later. The fact is that in plugin was detected critical vulnerability that allows an attacker who does not have valid credentials to bypass authentication mechanism. WP Live Chat Support allows adding to the website free chat …

Read More »

Researchers discovered serious vulnerability in WP Live Chat Support plugin

wordpress vulnerability

Analysts from Sucuri company found in WP Live Chat Support-plugin dangerous bug. Vulnerability allows to unauthorized attackers perform XSS-attack and implement malware on all pages of the website that use this extension. “An XSS flaw is pretty serious in itself. It allows hackers to inject malicious code in websites or web apps and compromise visitors’ accounts or expose them to …

Read More »

Number of attacks on WordPress-websites through the vulnerability Social Warfare critically grew

wordpress under attack

Attacks on WordPress sites are passing as an avalanche, warn experts from Palo Alto Networks. It is possible due to vulnerable plugin Social Warfare that now threatens nearly 40 000 websites. Social Warfare contains XSS-vulnerability that can also lead to remote code performing. “An attacker can use these vulnerabilities to run arbitrary PHP code and control the website and the …

Read More »

Hackers used flaw in Yuzo Related Posts plugin for a massive attack on WordPress-powered websites

Mail service Mailgun was attacked together with more than a thousand of other companies’ sites on Wednesday, April 10. During the attack hackers exploited vulnerability in Yuzo Related Posts plugin that allows establishment of scripting between web-sites (XSS). With its help attackers implemented on vulnerable websites a code that redirects users on malware resources, including fake technical service portals, malicious …

Read More »