WordPress plugin flaw lets you take over entire sites

Discussion in 'other security issues & news' started by mood, Feb 11, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    27,630
    WordPress plugin flaw lets you take over entire sites
    February 11, 2019
    https://www.zdnet.com/article/wordpress-plugin-flaw-lets-you-take-over-entire-sites/
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,198
    WordPress is quite the cluster****.
     
  3. mood

    mood Updates Team

    WordPress shopping sites under attack
    Hackers using cross-site scripting (XSS) flaw in abandoned cart plugin to take over vulnerable sites
    March 12, 2019

    https://www.zdnet.com/article/wordpress-shopping-sites-under-attack/
     
  4. mood

    mood Updates Team

    Hackers Abusing Recently Patched Vulnerability In Easy WP SMTP Plugin
    March 20, 2019
    https://www.wordfence.com/blog/2019...patched-vulnerability-in-easy-wp-smtp-plugin/
     
  5. mood

    mood Updates Team

    Hidden code gives plugin developers admin access to WordPress sites
    April 1, 2019
    https://portswigger.net/daily-swig/...in-developers-admin-access-to-wordpress-sites
     
  6. mood

    mood Updates Team

    The curious case of a WordPress plugin, a rival site spammed with traffic, a war of words, and legal threats
    Devs strip code from toolkit amid blogger dramarama
    April 2, 2019

    https://www.theregister.co.uk/2019/04/02/pippip_attack_claims/
     
  7. mood

    mood Updates Team

    Arbitrary File Upload Vulnerability in popular WooCommerce extension
    April 25, 2019
    https://www.webarxsecurity.com/woocommerce-checkout-manager/
     
  8. mood

    mood Updates Team

    WP Live Chat WordPress Plugin Re-Patches File Upload Flaw
    May 6, 2019
    https://threatpost.com/wp-live-chat-wordpress-plugin-re-patches-file-upload-flaw/144420/
     
  9. mood

    mood Updates Team

    WordPress Plugin WP Statistics Patches XSS Flaw
    A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover
    July 5, 2019

    https://threatpost.com/wordpress-plugin-wp-statistics-patches-xss-flaw/146248/
     
  10. mood

    mood Updates Team

    A flaw in outdated versions of Beaver Builder and Elementor plugins allows hacking WordPress sites
    December 13, 2019
    https://securityaffairs.co/wordpress/95076/hacking/beaver-builder-elementor-hacking-wordpress.html
    MalCare: Critical Vulnerability Found on ‘Ultimate Addons for Elementor’ & ‘Ultimate Addons for Beaver Builder’ Plugins
     
  11. mood

    mood Updates Team

    Critical WordPress Plugin Bug Allows Admin Logins Without Password
    January 14, 2020
    https://www.bleepingcomputer.com/ne...gin-bug-allows-admin-logins-without-password/
    WebARX: Critical Auth Bypass Vulnerability In InfiniteWP Client And WP Time Capsule
     
  12. mood

    mood Updates Team

    This WordPress vulnerability could let hackers hijack your entire site
    Users of the WP Database Reset plugin should upgrade to the latest version immediately
    January 17, 2020

    https://www.techradar.com/news/this...ity-could-let-hackers-hijack-your-entire-site
    Wordfence: Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin
     
  13. mood

    mood Updates Team

    200K WordPress Sites Exposed to Takeover Attacks by Plugin Bug
    January 29, 2020
    https://www.bleepingcomputer.com/ne...es-exposed-to-takeoker-attacks-by-plugin-bug/
    Wordfence: High Severity CSRF to RCE Vulnerability Patched in Code Snippets Plugin
     
  14. mood

    mood Updates Team

    Critical Vulnerability In Profile Builder Plugin Allowed Site Takeover
    February 13, 2020
    https://www.wordfence.com/blog/2020...profile-builder-plugin-allowed-site-takeover/
     
  15. 142395

    142395 Guest

    Again, these are why any security-conscious people should seriously block unnecessary plugins. It doesn't help if the site was taken over and a bad actor implemented malicious code directly, but it at least protects you from malwarenized plugins.
     
  16. mood

    mood Updates Team

    Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin
    February 17, 2020
    https://www.securityweek.com/flaw-wordpress-themes-plugin-allowed-hackers-become-site-admin
    WebARX: Critical Issue In ThemeGrill Demo Importer Leads To Database Wipe and Auth Bypass
     
  17. mood

    mood Updates Team

    Critical Bugs in WordPress Plugins Let Hackers Take Over Sites
    February 28, 2020
    https://www.bleepingcomputer.com/ne...ordpress-plugins-let-hackers-take-over-sites/
    Wordfence: Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities
     
  18. mood

    mood Updates Team

    WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites
    March 12, 2020
    https://www.bleepingcomputer.com/ne...llows-malicious-code-injection-on-100k-sites/
    Wordfence: Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites
     
  19. mood

    mood Updates Team

    WPvivid Backup Plugin Flaw Leads to WordPress Database Leak
    March 24, 2020
    https://www.securityweek.com/wpvivid-backup-plugin-flaw-leads-wordpress-database-leak
    WebARX: Vulnerability In WPvivid Backup Plugin Can Lead To Database Leak
     
  20. mood

    mood Updates Team

    Critical WordPress Plugin Bug Lets Hackers Turn Users Into Admins
    March 31, 2020
    https://www.bleepingcomputer.com/ne...ugin-bug-lets-hackers-turn-users-into-admins/
    Wordfence: Critical Vulnerabilities Affecting Over 200,000 Sites Patched in Rank Math SEO Plugin
     
  21. mood

    mood Updates Team

    WordPress Plugin Bug Can Be Exploited to Create Rogue Admins
    April 2, 2020
    https://www.bleepingcomputer.com/ne...-bug-can-be-exploited-to-create-rogue-admins/
    Wordfence: High Severity Vulnerability Leads to Closure of Plugin with Over 100,000 Installations
     
  22. mood

    mood Updates Team

    Ninja Forms WordPress plugin patch prevents takeover of 1M sites
    April 30, 2020
    https://www.bleepingcomputer.com/ne...s-plugin-patch-prevents-takeover-of-1m-sites/
    Wordfence: High Severity Vulnerability Patched in Ninja Forms
     
  23. mood

    mood Updates Team

    Critical WordPress plugin bug lets hackers take over 1M sites
    May 7, 2020
    https://www.bleepingcomputer.com/ne...s-plugin-bug-lets-hackers-take-over-1m-sites/
    Wordfence: Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk
     
  24. mood

    mood Updates Team

    WordPress plugin bugs can let hackers take over almost 1M sites
    May 11, 2020
    https://www.bleepingcomputer.com/ne...gs-can-let-hackers-take-over-almost-1m-sites/
    Wordfence: Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites
     
  25. mood

    mood Updates Team

    Critical WordPress plugin bug allows for automated takeovers
    May 15, 2020
    https://www.bleepingcomputer.com/ne...ss-plugin-bug-allows-for-automated-takeovers/
    Sucuri: Unauthenticated Stored Cross Site Scripting in WP Support Review
     