IT Lines

What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in wordpress

Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover

13 Jan, 2021 Cross Site Scripting, Orbit Fox, plugin, privilege escalation, Security News, Security Vulnerabilities, takeover, Vulnerabilities, Web Security, website, wordpress 0 Comments

Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs. Two vulnerabilities (one critical) in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. . . . Read more

5M WordPress Sites Running the Contact Form 7 Plugin are Open to Attack

17 Dec, 2020 5.3.2, Contact Form 7, CVE-2020-35489, Security News, Vulnerabilities, Web Security, wordpress 0 Comments

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin. A patch for the popular WordPress plugin called Contact Form 7 was released Thursday and fixes a critical bug that allows an unauthenticated adversary to takeover a website . . . Read more

Easy WP SMTP Security Bug Can Reveal Admin Credentials

15 Dec, 2020 admin credentials, debug file, easy wp smtp, email management, plugin, security bug, Security News, site takeover, Vulnerabilities, Vulnerability, Web Security, wordpress 0 Comments

A poorly configured file opens users up to site takeover. Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said. Easy WP SMTP allows users to configure and send all outgoing emails . . . Read more

Widespread Scans Underway for RCE Bugs in WordPress Websites

18 Nov, 2020 epsilon framework, Hackers, internet scans, probes, RCE, remote code execution, Security News, Security Vulnerabilities, site takeover, themes, Vulnerabilities, Web Security, WordFence, wordpress 0 Comments

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers. Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers. According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these . . . Read more

Ultimate Member Plugin for WordPress Allows Site Takeover

09 Nov, 2020 Bugs, Cyberattacks, patch, plugin, privilege escalation, Security News, Security Vulnerabilities, site membership, site takeover, ultimate member, Vulnerabilities, Web Security, WordFence, wordpress 0 Comments

Three critical security bugs allow for easy privilege escalation to an administrator role. A WordPress plugin installed on more than 100,000 sites has three critical security bugs that each allow privilege escalation – and potentially full control over a target WordPress site. The plugin, called Ultimate Member, allows web admins . . . Read more

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

06 Nov, 2020 Bug, Code Injection, Denial of Service, e-commerce, information disclosure, patch, PHP Object Injection, plugin, Security News, security vulnerability, Vulnerabilities, Web Security, welcart, WordFence, wordpress 0 Comments

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said. Welcart e-Commerce is a free WordPress plugin . . . Read more