1.6 million WordPress Sites Were Attacked

WordPress is a free and open-source content management system (CMS) developed in PHP and used in conjunction with a MySQL or MariaDB database. WordPress started as a blog-publishing system but…

Credit Card Swipers Injected into WordPress Plugins

As the holiday season is approaching, more and more people to rush to finish their Christmas shopping without being aware of the fact that cybercriminals don’t take time off for…

Authentication Bypass Vulnerability Patched in User Registration Plugin

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021…

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. The plugin “Variation Swatches for WooCommerce,” installed across 80,000…

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021…

WooCommerce Extension – Reflected XSS Vulnerability

WordFence –  WordFence –  Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 1, 2021…

Fake Ransomware Attacks Targeted WordPress Sites

Up to 300 WordPress websites have been targeted by a number of fake ransomware attacks starting Friday last week. It was noticed that they have been displaying false encryption notices…