Hackers are fighting a war over 300K vulnerable WordPress sites

Posted by & filed under Notifications.

Attackers who are actively exploiting a critical remote code execution flaw affecting over 600,000 WordPress sites running vulnerable File Manager plugin versions have also been seen protecting the sites they compromise from other threat actors’ attacks. The critical vulnerability allows unauthenticated attackers to upload malicious PHP files and execute arbitrary code following successful exploitation [1, 2, 3]. File Manager’s…

Hackers actively exploiting severe bug in over 300K WordPress sites

Posted by & filed under Notifications.

Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions. On the morning of September 1st, Seravo’s on-call security officer Ville Korhonen was the first to discover the flaw and the fact that threat actors were already attempting to exploit…

Flaw in Elementor and Beaver Addons makes WordPress Sites vulnerable

Posted by & filed under Notifications.

Your website could easily get hacked if you are using “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” and haven’t recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers to gain administrative…

WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites

Posted by & filed under Notifications.

If you have a “private” blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites. WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens…