Zero‑day in popular WordPress plugin exploited to take over websites

Websites using Fancy Product Designer are susceptible to remote code execution attacks even if the plugin is deactivated. Cybercriminals have been actively exploiting a zero-day vulnerability in Fancy Product Designer, a WordPress plugin used by more than 17,000 websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web publishing platform. Attackers …

‘Highly critical’ bug exposes unpatched Drupal sites to attacks

Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads. Days after the team behind Drupal urged website admins to apply an update patching a highly critical vulnerability in the content management system (CMS) platform, threat actors were spotted exploiting the loophole in the wild. The remote code execution …

Former employee blamed for hack of WordPress plugin maker

The plugin’s users are advised to change their passwords on WPML’s website following havoc reportedly wrought by a disgruntled ex-employee. The company behind the widely used WordPress plugin WPML has been through a tumultuous few days after many of its customers received an email this past weekend that purported to warn them about “a bunch of …

Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites

The campaign’s goals aren’t immediately clear, as the malefactors don’t appear to be leveraging the hijacked websites for further nefarious purposes. Attackers have been exploiting a security weakness in a GDPR compliance plugin for WordPress to seize control of vulnerable websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web …

All websites running WordPress urged to update NOW

Millions of websites running WordPress are being strongly urged to update to the latest version of the popular content management system as soon as possible, after a serious security vulnerability was uncovered. Anthony Ferrara, who discovered the WordPress flaw, starkly summed up the situation: “Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, …