WordPress has always had inbuilt features that let you remotely interact with your site. Face it, sometimes you’ll need to access your website and your computer won’t be anywhere nearby. For a long time, the solution was a file named xmlrpc.php. But in recent years, the file has become more of […]
WordPress was originally launched as a blogging platform which much later became the complete web solution it is today, for ecommerce stores, blogs, news, and enterprise-level applications. This evolution of WordPress brought many changes to its core and made it more stable and secure than its previous versions. Because WordPress is an […]
Gaping OptinMonster security hole patched Vulnerabilities in OptinMonster, an email marketing plugin for WordPress, left more than a million websites open to exploitation, security researchers at Wordfence warn. Left unaddressed, the flaws make it possible for an unauthenticated attacker to export sensitive information and add malicious JavaScript to vulnerable WordPress sites, among other […]
An information disclosure vulnerability has been patched in Ninja Forms, the form-building plugin for WordPress with more than one million active installations. An authenticated attacker who abuses the flaw could export personal data submitted to websites via forms built with the extension. The plugin’s developer, Saturday Drive, addressed the flaw in version 3.5.8, which […]
Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that’s being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence’s threat intelligence team, which discovered the flaw, said it reported the […]
Buying popular plugins with a large user-base and using it for effortless malicious campaigns have become a new trend for bad actors. One such incident happened recently when the renowned developer BestWebSoft sold a popular Captcha WordPress plugin to an undisclosed buyer, who then modified the plugin to download and install a hidden backdoor. […]
