Tag Archives: Wordpress

Sodinokibi ransomware spreads through fake forums on WordPress sites

Sodinokibi spreads through fake forums

Sodinokibi spreads through fake forums. Its operators hack WordPress sites and embed JavaScript code that displays posts from the fake Q&A forum on top of the original site’s content. Messages contain an alleged “response from the administrator” of the site with an active link to the installer of the ransomware program. According to the recent publication in BleepingComputer, attackers hack …

Read More »

Hackers exploit vulnerabilities in more than 10 WordPress plugins in one campaign

Hackers exploit 10 WordPress Plugins

Defiant experts have warned that a group of hackers exploits vulnerabilities in more than 10 WordPress plugins to create new admin accounts on other people’s sites. Then, these accounts serve as backdoors for attackers. According to researchers, occurs natural continuation of the malicious campaign that began in July 2019. That time the same hack group used vulnerabilities in the same …

Read More »

Vulnerability in WP Live Chat Support plugin allows stealing logs and insert messages in chats

WP Live Chat Support

Developers of WP Live Chat Support plugin, which has more than 50,000 installations, report that users should immediately upgrade plugin to version 8.0.33 or later. The fact is that in plugin was detected critical vulnerability that allows an attacker who does not have valid credentials to bypass authentication mechanism. WP Live Chat Support allows adding to the website free chat …

Read More »

Researchers discovered a backdoor in Slick Popup WordPress-plugin

Wordpress Vulnerable

Experts from Defiant company discovered a problem in WordPress-plugin Slick Popup, from which attackers can get into vulnerable websites and create backdoor-accounts. Issue affects all plugins’ versions, including the newest 1.7.1. Plugin Slick Popup accounts about 7000 installations and was developed by Om Ak Solutions. Slick Popup created for working in conjunction with other popular WordPress solution – Contact Form …

Read More »

Researchers discovered serious vulnerability in WP Live Chat Support plugin

wordpress vulnerability

Analysts from Sucuri company found in WP Live Chat Support-plugin dangerous bug. Vulnerability allows to unauthorized attackers perform XSS-attack and implement malware on all pages of the website that use this extension. “An XSS flaw is pretty serious in itself. It allows hackers to inject malicious code in websites or web apps and compromise visitors’ accounts or expose them to …

Read More »

Number of attacks on WordPress-websites through the vulnerability Social Warfare critically grew

wordpress under attack

Attacks on WordPress sites are passing as an avalanche, warn experts from Palo Alto Networks. It is possible due to vulnerable plugin Social Warfare that now threatens nearly 40 000 websites. Social Warfare contains XSS-vulnerability that can also lead to remote code performing. “An attacker can use these vulnerabilities to run arbitrary PHP code and control the website and the …

Read More »

Hackers used flaw in Yuzo Related Posts plugin for a massive attack on WordPress-powered websites

Mail service Mailgun was attacked together with more than a thousand of other companies’ sites on Wednesday, April 10. During the attack hackers exploited vulnerability in Yuzo Related Posts plugin that allows establishment of scripting between web-sites (XSS). With its help attackers implemented on vulnerable websites a code that redirects users on malware resources, including fake technical service portals, malicious …

Read More »