What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in wordpress

Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover

Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs. Two vulnerabilities (one critical) in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. . . . Read more

5M WordPress Sites Running the Contact Form 7 Plugin are Open to Attack

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin. A patch for the popular WordPress plugin called Contact Form 7 was released Thursday and fixes a critical bug that allows an unauthenticated adversary to takeover a website . . . Read more

Easy WP SMTP Security Bug Can Reveal Admin Credentials

A poorly configured file opens users up to site takeover. Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said. Easy WP SMTP allows users to configure and send all outgoing emails . . . Read more

Widespread Scans Underway for RCE Bugs in WordPress Websites

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers. Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers. According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these . . . Read more

Ultimate Member Plugin for WordPress Allows Site Takeover

Three critical security bugs allow for easy privilege escalation to an administrator role. A WordPress plugin installed on more than 100,000 sites has three critical security bugs that each allow privilege escalation – and potentially full control over a target WordPress site. The plugin, called Ultimate Member, allows web admins . . . Read more

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said. Welcart e-Commerce is a free WordPress plugin . . . Read more