Zero-Day WordPress Plugin Vulnerability Used to Add Malicious Redirects

Discussion in 'other security issues & news' started by mood, Mar 22, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Zero-Day WordPress Plugin Vulnerability Used to Add Malicious Redirects
    March 22, 2019
    https://www.bleepingcomputer.com/ne...ulnerability-used-to-add-malicious-redirects/
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Popular Yuzo WordPress Plugin Exploited to Redirect Users to Scams
    April 10, 2019
    https://www.bleepingcomputer.com/ne...-plugin-exploited-to-redirect-users-to-scams/
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Mailgun hacked part of massive attack on WordPress sites
    Spray-and-pray hacking campaign hits Mailgun's WordPress site and redirects users to malicious sites
    April 10, 2019
    https://www.zdnet.com/article/mailgun-hacked-part-of-massive-attack-on-wordpress-sites/
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    WordPress Yellow Pencil Plugin Flaws Actively Exploited
    Yet another Wordpress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered
    April 12, 2019

    https://threatpost.com/wordpress-yellow-pencil-plugin-exploited/143729/
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    A security researcher with a grudge is dropping Web 0days on innocent users
    Exploits published over the past three weeks exposed 160,000 websites to potent attacks
    April 13, 2019

    https://arstechnica.com/information...udge-is-dropping-web-0days-on-innocent-users/
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Exploits in the Wild for WordPress Social Warfare Plugin CVE-2019-9978
    April 22, 2019
    https://unit42.paloaltonetworks.com...ordpress-social-warfare-plugin-cve-2019-9978/
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Flashpoint: Our site was not dishing malware
    April 23, 2019
    https://www.scmagazine.com/home/security-news/flashpoint-our-site-was-not-dishing-malware/
    Flash Point: After-Action Report: Flashpoint Remediation of 0-Day Exploit on Our Public-Facing Website
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts
    May 15, 2019
    https://www.bleepingcomputer.com/ne...live-chat-plugin-lets-hackers-inject-scripts/
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Currently Tracking: WordPress Plugin Vulnerabilities Causing Malicious Redirects
    May 17, 2019
    https://www.sitelock.com/blog/tracking-wordpress-plugin-vulnerabilities/
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Hackers actively exploit WordPress plugin flaw to send visitors to bad sites
    May 30, 2019
    https://arstechnica.com/information...ss-plugin-flaw-to-send-visitors-to-bad-sites/
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Irked Researcher Discloses Facebook WordPress Plugin Flaws
    Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook
    June 17, 2019

    https://threatpost.com/irked-researcher-discloses-facebook-wordpress-plugin-flaws/145771/
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Recent WordPress Vulnerabilities Targeted by Malvertising Campaign
    July 22, 2019
    https://www.wordfence.com/blog/2019...rabilities-targeted-by-malvertising-campaign/
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Authenticated XSS Found in WordPress Plugin Facebook Widget
    July 29, 2019
    https://www.securityweek.com/authenticated-xss-found-wordpress-plugin-facebook-widget
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    WordPress plugins vulnerable to redirects
    August 27, 2019
    https://www.scmagazine.com/home/security-news/cyberattack/wordpress-plugins-vulnerable-to-redirects/
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    WordPress sites under attack as hacker group tries to create rogue admin accounts
    Hackers exploit vulnerabilities in more than ten WordPress plugins to plant backdoor accounts on unpatched sites
    August 30, 2019

    https://www.zdnet.com/article/wordp...r-group-tries-to-create-rogue-admin-accounts/
    Wordfence: Ongoing Malvertising Campaign Evolves, Adds Backdoors and Targets New Plugins
     
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin
    September 25, 2019
    https://www.bleepingcomputer.com/ne...patched-bug-in-rich-reviews-wordpress-plugin/
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing
    October 22, 2019
    https://threatpost.com/open-redirect-bug-bridge-theme/149437/
    Wordfence: Open Redirect Vulnerability Patched In Bridge Theme
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    WordPress plugin bug lets hackers create rogue admin accounts
    April 27, 2020
    https://www.bleepingcomputer.com/ne...bug-lets-hackers-create-rogue-admin-accounts/
    Wordfence: High Severity Vulnerability Patched in Real-Time Find and Replace Plugin
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    Hackers target WordPress sites running OneTone theme
    April 28, 2020
    https://www.techradar.com/news/hackers-target-wordpress-sites-running-onetone-theme
    Sucuri: OneTone Vulnerability Leads to JavaScript Cookie Hijacking
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,347
    KingComposer fixes a reflected XSS impacting 100,000 WordPress sites
    July 10, 2020
    https://securityaffairs.co/wordpress/105749/hacking/kingcomposer-reflected-xss.html
    Wordfence: XSS Flaw Impacting 100,000 Sites Patched in KingComposer
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.