May 01, 2025Ravie LakshmananMalware / Web Skimming Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging … Read more
Nov 26, 2024Ravie LakshmananVulnerability / Website Security Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of … Read more
Sep 12, 2024Ravie LakshmananNet Safety / Content material Administration WordPress.org has introduced a brand new account safety measure that can require accounts with capabilities to replace plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is anticipated to return into impact beginning October 1, 2024. “Accounts with commit entry can push updates and … Read more
Sep 06, 2024Ravie LakshmananWordPress / Webinar Safety Cybersecurity researchers have found one more crucial safety flaw within the LiteSpeed Cache plugin for WordPress that would permit unauthenticated customers to take management of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS rating: 7.5), impacts variations earlier than and together with 6.4.1. It has been addressed in … Read more
Aug 28, 2024Ravie LakshmananWordPress Safety / Web site Safety A important safety flaw has been disclosed within the WPML WordPress multilingual plugin that might enable authenticated customers to execute arbitrary code remotely beneath sure circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS rating: 9.9), impacts all variations of the plugin earlier than 4.6.13, which was launched … Read more