An oversight in a WordPress plug-in exposes PII and authentication data to malicious insiders.
Posts tagged "plugin"
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
Threatpost
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
Threatpost
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
Threatpost
80K Retail WooCommerce Sites Exposed by Plugin XSS Bug
The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
Threatpost
Win10 Admin Rights Tossed Off by Yet Another Plug-In
Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights.
Threatpost
Vulnerable WordPress plugin opens door to millions of attacks
A massive ongoing campaign is hunting for websites running vulnerable WordPress addons.