Home » Tag Archives: Wordpress

Tag Archives: Wordpress

Vulnerability in WP Live Chat Support plugin allows stealing logs and insert messages in chats

WP Live Chat Support

Developers of WP Live Chat Support plugin, which has more than 50,000 installations, report that users should immediately upgrade plugin to version 8.0.33 or later. The fact is that in plugin was detected critical vulnerability that allows an attacker who does not have valid credentials to bypass authentication mechanism. WP Live Chat Support allows adding to the website free chat …

Read More »

Researchers discovered a backdoor in Slick Popup WordPress-plugin

Wordpress Vulnerable

Experts from Defiant company discovered a problem in WordPress-plugin Slick Popup, from which attackers can get into vulnerable websites and create backdoor-accounts. Issue affects all plugins’ versions, including the newest 1.7.1. Plugin Slick Popup accounts about 7000 installations and was developed by Om Ak Solutions. Slick Popup created for working in conjunction with other popular WordPress solution – Contact Form …

Read More »

Researchers discovered serious vulnerability in WP Live Chat Support plugin

wordpress vulnerability

Analysts from Sucuri company found in WP Live Chat Support-plugin dangerous bug. Vulnerability allows to unauthorized attackers perform XSS-attack and implement malware on all pages of the website that use this extension. “An XSS flaw is pretty serious in itself. It allows hackers to inject malicious code in websites or web apps and compromise visitors’ accounts or expose them to …

Read More »

Number of attacks on WordPress-websites through the vulnerability Social Warfare critically grew

wordpress under attack

Attacks on WordPress sites are passing as an avalanche, warn experts from Palo Alto Networks. It is possible due to vulnerable plugin Social Warfare that now threatens nearly 40 000 websites. Social Warfare contains XSS-vulnerability that can also lead to remote code performing. “An attacker can use these vulnerabilities to run arbitrary PHP code and control the website and the …

Read More »

Hackers used flaw in Yuzo Related Posts plugin for a massive attack on WordPress-powered websites

Mail service Mailgun was attacked together with more than a thousand of other companies’ sites on Wednesday, April 10. During the attack hackers exploited vulnerability in Yuzo Related Posts plugin that allows establishment of scripting between web-sites (XSS). With its help attackers implemented on vulnerable websites a code that redirects users on malware resources, including fake technical service portals, malicious …

Read More »