04-01-2023 WordPress sites infected with backdoor via thirty vulnerable plugins
Attackers are using thirty vulnerable plugins and themes to infect WordPress sites with a backdoor, antivirus company Doctor Web reports. Some of the vulnerabilities used are seven years old. Once access to the WordPress sites has been gained, the attackers inject malicious code into the web pages, which redirects visitors...

23-12-2022 Yith WooCommerce Gift Cards Premium Unauthenticated Arbitrary File Upload
The Yith WooCommerce Gift Cards Premium plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the import_actions_from_settings_panel function in versions up to, and including, 3.19.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sit...

15-12-2022 Security company reports large-scale attacks on vulnerable WordPress plugins
In recent weeks, large-scale attacks have taken place on two vulnerable WordPress plugins, security company Wordfence states based on its own figures. The plugins concerned are the advertising plugin Adning and the Kaswara Modern WPBakery Page Builder add-on, an extension intended to make it easier to design WordPress sites. [le...

15-12-2022 Botnet tries to break into the administrator accounts of WordPress sites
A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 serve...

15-11-2022 Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign
A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black ha...

11-11-2022 WordPress sites injected with malicious code that redirects visitors
Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines. PublicWWW results show nearly 15,000 websites have been affected by this malwar...

10-11-2022 Missing Authorization Vulnerability in Blog2Social Plugin
On October 5, 2022, the Wordfence Threat Intelligence team responsibly disclosed a Missing Authorization vulnerability in Blog2Social, a WordPress plugin installed on over 70,000 sites that allows users to set up post sharing to various social networks. Vulnerable versions of the plugin make it possible for authenticated attackers with minimal per...

19-10-2022 WordPress websites can be taken over via XSS vulnerabilities
WordPress-based websites can be taken over through several cross-site scripting (XSS) vulnerabilities. WordPress has released a security update to fix the problems. There are three XSS issues, of which one in the media library in WordPress is, according to security company Wordfence, the most dangerous...

14-09-2022 WPGateway plugin actively exploited
The WPGateway plugin is a premium plugin tied to the WPGateway cloud service, which offers its users a way to set up and manage WordPress sites from a single dashboard. Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator. If you have the WPGateway plugin installed, we ur...

07-09-2022 Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site w...