The WordPress plugin “Crawlomatic Multipage Scraper Post Generator” was updated on Friday to patch a critical vulnerability that could lead to remote code execution (RCE).The flaw, tracked as CVE-2025-4369, has a CVSS score of 9.8 and affects all versions of Crawlomatic prior to version 2.6.8.2.Crawlomatic is a plugin by CodeRevolution that automatically scrapes websites for … Read more
May 01, 2025Ravie LakshmananMalware / Web Skimming Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging … Read more
Nov 26, 2024Ravie LakshmananVulnerability / Website Security Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of … Read more
Sep 12, 2024Ravie LakshmananNet Safety / Content material Administration WordPress.org has introduced a brand new account safety measure that can require accounts with capabilities to replace plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is anticipated to return into impact beginning October 1, 2024. “Accounts with commit entry can push updates and … Read more
Sep 06, 2024Ravie LakshmananWordPress / Webinar Safety Cybersecurity researchers have found one more crucial safety flaw within the LiteSpeed Cache plugin for WordPress that would permit unauthenticated customers to take management of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS rating: 7.5), impacts variations earlier than and together with 6.4.1. It has been addressed in … Read more