Cybersecurity researchers from Malwarebytes have discovered a number of WordPress(opens in new tab) websites that were compromised and infected with a malicious plugin that quietly generates ad traffic. In a blog post(opens in new tab) detailing their findings, it was said that a “few dozen” WordPress websites were breached, and whoever was behind the attack […]
Posts Tagged ‘wordpress plugin’
WordPress admins are being warned to remove a buggy plugin or risk a total site takeover. This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows “unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action”. This means that […]
Tracked as CVE-2021-25094 (CVSS score of 8.1), the vulnerability exists because one of the supported actions does not require authentication when uploading a zip file that is extracted under the WordPress upload directory. While the plugin includes an extension control, this can be bypassed by adding a PHP shell with a filename that begins with […]
TUESDAY, MAY 07, 2024
WHITE PAPERS
Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...
ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...
Latest Comments