Search results for WordPress | Breaking Cybersecurity News | The Hacker News

Yesterday we learned of a critical Zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands WordPress themes and plugins. WordPress is a free and open source blogging tool and a content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs, therefore it is easy to setup and use, that's why tens of millions of websites across the world opt it. But if you or your company are the one using the popular image resizing library called " TimThumb " to resize large images into usable thumbnails that you can display on your site, then you make sure to update the file with the upcoming latest version and remember to check the TimThumb site regularly for the patched update. 0-Day REMOTE CODE EXECUTION & NO PATCH The critical vulnerability discovered by Pichaya Morimoto in the TimThumb Wordpress plugin version 2.8.13,

Another popular WordPress plugin by Yoast has been found to be vulnerable to a critical flaw that could be exploited by hackers to hijack the affected website. The critical vulnerability actually resides in the highly popular Google Analytics by Yoast plugin, which allows WordPress admins to monitor website traffic by connecting the plugin to their Google Analytics account. The Google Analytics by Yoast WordPress plugin has been downloaded nearly 7 Million times with more than 1 million active installs, which makes the issue rather more serious. A week back, we reported that all the versions of ' WordPress SEO by Yoast ' was vulnerable to Blind SQL Injection web application vulnerability that allowed an attacker to execute arbitrary payload on the victim WordPress site in order to take control of it. However, the Google Analytics by Yoast plugin is vulnerable to persistent cross-site scripting (XSS) vulnerability that allows hackers to execute malicious PHP code on the server, whic

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri  revealed  in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code pages and posts of WordPress sites that's then executed every time the posts are opened in a web browser. While  Eval PHP  has never received an update in 11 years, statistics gathered by WordPress show that it's installed on over 8,000 websites, with the number of downloads skyrocketing from one or two on average since September 2022 to 6,988 on March 30, 2023. On April 23, 2023, alone, it was downloaded 2,140 times. The plugin has racked up 23,110 downloads over the past seven days. GoDaddy-owned Sucuri said it observed some infected websites' databases injected with malicious code into the  "wp_posts" table , which stores a site's  posts,

A Large number of WordPress websites were compromised in last two weeks with a new malware campaign spotted in the wild. WordPress , a Free and Open source content management system (CMS) and blogging tool, has been once again targeted by hackers at large scale. Researchers at Sucuri Labs have detected a " Malware Campaign " with an aim of getting access to as many devices they can by making innumerable WordPress websites as its prey. The Malware campaign was operational for more than 14 days ago, but it has experienced a massive increase in the spread of infection in last two days, resulted in affecting more than 5000 Wordpress websites. The Security researchers call this malware attack as " VisitorTracker ", as there exists a javascript function named visitorTracker_isMob() in the malicious code designed by cyber criminals. This new campaign seems to be utilizing the Nuclear Exploit Kit and uses a combination of hacked WordPress sites, hidden iframes and nu

Buying popular plugins with a large user-base and using it for effortless malicious campaigns have become a new trend for bad actors. One such incident happened recently when the renowned developer BestWebSoft sold a popular Captcha WordPress plugin to an undisclosed buyer, who then modified the plugin to download and install a hidden backdoor. In a blog post published on Tuesday, WordFence security firm revealed why WordPress recently kicked a popular Captcha plugin with more than 300,000 active installations out of its official plugin store. While reviewing the source code of the Captcha plugin, WordFence folks found a severe backdoor that could allow the plugin author or attackers to remotely gain administrative access to WordPress websites without requiring any authentication. The plugin was configured to automatically pull an updated "backdoored" version from a remote URL — https[://]simplywordpress[dot]net/captcha/captcha_pro_update.php — after installati

More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors' computers to mine digital currencies but also logs visitors' every keystroke. Security researchers at Sucuri discovered a malicious campaign that infects WordPress websites with a malicious script that delivers an in-browser cryptocurrency miner from CoinHive and a keylogger. Coinhive is a popular browser-based service that offers website owners to embed a JavaScript to utilise CPUs power of their website visitors in an effort to mine the Monero cryptocurrency. Sucuri researchers said the threat actors behind this new campaign is the same one who infected more than 5,400 Wordpress websites last month since both campaigns used keylogger/cryptocurrency malware called cloudflare[.]solutions. Spotted in April last year, Cloudflare[.]solutions is cryptocurrency mining malware and is not at all related to network

WordPress 3.1.2 released – Security fixes ! The WordPress team just released a new version of WordPress (3.1.2) to fix a security issue where contributor-level users were allowed to publish posts. It is a small release, and everyone using WordPress should upgrade to it! From the WordPress site: WordPress 3.1.2 is now available and is a security release for all previous WordPress versions. This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts. The issue was discovered by a member of our security team, WordPress developer Andrew Nacin, with Benjamin Balter. We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users. This release also fixes a few bugs that missed the boat for version 3.1.1. Download 3.1.2 or update automatically from the Dashboard → Updates menu in your site's admin area. So do what they say and upgrade it asap! Download link: https://

After recovering from the largest Distributed Denial of Service attack in the service's history ("multiple Gigabits per second and tens of millions of packets per second") yesterday morning, blog host WordPress.com was attacked again very early this morning, finally stabilizing its service at 11:15 UTC (around 3:15 am PST). WordPress.com hosts over 30 million blogs, many of them news sites like our own, which lead some to conjecture that the attacks had come from the Middle East, a region experiencing its own Internet issues at the moment. Not so says Automattic founder Matt Mullenweg, who tells me that 98% of the attacks over the past two days originated in China with a small percentage coming from Japan and Korea. According to Mullenweg one of the targeted sites was a Chinese-language site operating on WordPress.com which also appears to be blocked on Baidu, China's major search engine. WordPress doesn't know exactly why the site was targeted and won't release the name until it

Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more than 900,000 downloads. It is used to add social share buttons to a WordPress website or blog. Late last month, maintainers of Social Warfare for WordPress released an updated version 3.5.3 of their plugin to patch two security vulnerabilities—stored cross-site scripting (XSS) and remote code execution (RCE)—both tracked by a single identifier, i.e., CVE-2019-9978 . Hackers can exploit these vulnerabilities to run arbitrary PHP code and take complete control over websites and servers without authentication, and then use the compromised sites to perform digital coin mining or host malicious exploit code. However, the same day when Soc

Last week, we reported about a critical zero-day flaw in WordPress that was silently patched by the company before hackers have had their hands on the nasty bug to exploit millions of WordPress websites. To ensure the security of millions of websites and its users, WordPress delayed the vulnerability disclosure for over a week and worked closely with security companies and hosts to install the patch, ensuring that the issue was dealt with in short order before it became public. But even after the company's effort to protect its customers, thousands of admins did not bother to update their websites, which are still vulnerable to the critical bug and has already been exploited by hackers. While WordPress includes a default feature that automatically updates unpatched websites, some admins running critical services disable this feature for first testing and then applying patches. Even the news blog of one of the famous Linux distribution OpenSUSE (news.opensuse.org) was

A zero-day flaw in the latest version of a WordPress premium plugin known as  WPGateway  is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as  CVE-2022-3180  (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence noted. "Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator," Wordfence researcher Ram Gall  said  in an advisory. WPGateway is billed as a means for site administrators to install, backup, and clone WordPress plugins and themes from a unified dashboard. The most common indicator that a website running the plugin has been compromised is the presence of an administrator with the username "rangex." Additionally, the appearance of requests to "//wp-content/plugins/wpgateway/wpgateway-webse

Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called  Balada Injector   since 2017 . The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites. The attacks are known to play out in waves once every few weeks. "This campaign is easily identified by its preference for  String.fromCharCode  obfuscation, the use of freshly registered domain names hosting malicious scripts on random subdomains, and by redirects to various scam sites," security researcher Denis Sinegubko  said . The websites include  fake tech support , fraudulent lottery wins, and rogue CAPTCHA pages urging users to turn on notifications to 'Please Allow to verify, that you are not a robot,' thereby enabling the actors to send spam ads. The report builds on  recent findings  from Doctor Web, which detailed a Linux malware family th

A zero-day flaw in a WordPress plugin called  BackupBuddy  is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it  said . BackupBuddy allows users to back up their entire WordPress installation from within the dashboard, including theme files, pages, posts, widgets, users, and media files, among others. The plugin is estimated to have around 140,000 active installations, with the flaw (CVE-2022-31474, CVSS score: 7.5) affecting versions 8.5.8.0 to 8.7.4.1. It's been addressed in version 8.7.5 released on September 2, 2022. The issue is rooted in the function called "Local Directory Copy" that's designed to store a local copy of the backups. According to Wordfence, the vulnerability is the result of an insecure implementation, which enables an unauthenticated threat acto

Hacker getting WordPress Database Dump with Google Query ! There appear to be multiple WordPress powered sites that are performing an DB->XML dumb of the articles and subsequent pages. The comments section includes originating IP address, datetime, E-Mail address, homepage, etc. These entities are traditionally not exposed to the anonymous Internet via WordPress. Since the XML dump is structured it's quite easy to harvest this data. More alarming is the volume of sites freely exposing this. I'm not certain of the root cause but perhaps it's related to an upgrade procedure. Google is happily indexing and caching these dumps as it appears they're created in the attachment system (URI ?attachment_id=\d+) with an HREF to the actual dump. A simple Google search below will return a multitude of sites. Perhaps someone on the WordPress side can comment on this behavior? Google Query - inurl:uploads ".xml_.txt" wordpress Another tasty query seems to

The users of WordPress , a free and open source blogging tool as well as content management system (CMS), are being informed of a widespread malware attack campaign that has already compromised more than 100,000 websites worldwide and still counting. The news broke throughout the WordPress community earlier Sunday morning when Google blacklisted over 11,000 domains due to the latest malware campaign , that has been brought by SoakSoak.ru , thus being dubbed the ' SoakSoak Malware ' epidemic. While there are more than 70 million websites on the Internet currently running WordPress, so this malware campaign could be a great threat to those running their websites on WordPress. Once infected, you may experience irregular website behavior including unexpected redirects to SoakSoak.ru web pages. You may also end up downloading malicious files onto your computer systems automatically without any knowledge. The search engine giant has already been on top of this infection a

Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website's reputation, affect search results, overload your web server, and divert your focus from website development. Website owners and webmasters need a solution to this problem. When selecting an anti-spam solution, the following requirements should be taken into account: The solution must operate automatically, eliminating the need for manual spam checks. It should provide a quick and efficient method of accuracy control. It must be universal, protecting all website forms simultaneously. It should be easy and straightforward to install and set up. It should not require any extra steps from your visitors, ensuring they do

A security vulnerability has been disclosed in the popular WordPress plugin  Essential Addons for Elementor  that could be potentially exploited to achieve elevated privileges on affected sites. The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that was shipped on May 11, 2023. Essential Addons for Elementor has over one million active installations. "This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site," Patchstack researcher Rafie Muhammad  said . Successful exploitation of the flaw could permit a threat actor to reset the password of any arbitrary user as long as the malicious party is aware of their username. The shortcoming is believed to have existed since version 5.4.0. This can have serious ramifications as the flaw could be weaponized to reset the password associated with an administ

A critical vulnerability has been discovered in one of the most popular plugins of the the WordPress content management platform that puts more than one Million websites at risks of being completely hijacked by the attackers. The vulnerability actually resides in most versions of a WordPress plugin called Wettable Powder Slimstat (WP-Slimstat) . While there are more than 70 million websites on the Internet currently running WordPress, more than 1.3 Million of them use the 'WP-Slimstat' Plugin , making it one of the popular plugins of WordPress for powerful real-time web analytic. All the WP-Slimstat versions prior to the latest release of Slimstat 3.9.6 contain an easily guessable 'secret' key which is used to sign data sent to and from the visiting end-user computers, explained in a blog post published Tuesday by Web security firm Sucuri. Once the weak 'secret' key is break, an attacker could perform an SQL injection attack against the target website

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of thousands of web applications open to remote code execution attacks, including websites powered by some popular content management systems like WordPress and Typo3. PHP unserialization or object injection vulnerabilities were initially documented in 2009, which could allow an attacker to perform different kinds of attacks by supplying malicious inputs to the unserialize() PHP function. If you are unaware, serialization is the process of converting data objects into a plain string, and unserialize function help program recreate an object back from a string. Thomas found that an attacker can use low-risk functions against Phar archives to trigger deserialization attack without requiring