Critical Vulnerability in WPForms Plugin: Over 6 Million WordPress Sites at Risk
On October 23, 2024, a severe vulnerability was discovered in the popular WPForms plugin, which is active on more than six million WordPress sites. This flaw (CVE-2024-11205) allows authenticated users with “Subscriber” privileges or higher to exploit a missing authorization check, enabling them to refund payments and cancel subscriptions processed through Stripe. With a CVSS […]
WordPress Plugin Anti-Spam by Cleantalk Endangers 200,000 Websites
The popular WordPress plugin Anti-Spam by Cleantalk has been found to contain two critical security vulnerabilities, potentially putting more than 200,000 websites at risk. These flaws allow attackers to gain complete control over affected WordPress instances without prior authentication. Critical Vulnerabilities: Exploits Without Authentication. Security researchers at Wordfence initially reported a vulnerability caused by improper […]
Black Friday 2024 – Some Deals You Could be Interested In
Black Friday isn’t just the perfect time to grab new gadgets or clothing – it’s also an excellent opportunity to take your web project to the next level. Hosting providers like SiteGround and Raidboxes, design solutions like Elementor, and powerful plugins from StellarWP are offering incredible discounts that you shouldn’t miss. Check Out SiteGround’s Deals […]
WordPress Plugin Really Simple Security Exposes 4 Million Websites to Risk
Approximately 4 million WordPress websites rely on the “Really Simple Security” plugin. Unfortunately, this widely used tool contains a critical vulnerability that allows attackers to compromise websites. Specifically, the flaw can enable attackers to bypass authentication, potentially gaining unauthorized access to WordPress sites. This issue has been highlighted by the cybersecurity company Wordfence. According to […]
LiteSpeed Cache – Puts 6 Million Websites at Risk
Administrators of websites using the WordPress plugin LiteSpeed Cache should immediately install the available update to avoid the risk of their site being compromised by attackers. Back in September, a significant vulnerability was found in the LiteSpeed Cache plugin. Now, another security flaw has been identified. The company Patchstack has detailed the vulnerability CVE-2024-47374, which […]
Cybersecurity Awareness Month 2024: Focusing on WordPress Security
As part of the annual Cybersecurity Awareness Month, it’s a good time to take a closer look at the security of your WordPress website. WordPress is the world’s most popular content management system (CMS), powering around 40% of all websites. However, this popularity also makes it an attractive target for cybercriminals. Especially in recent months, […]
ACF Plugin – The Ongoing Dispute Between WordPress and WP Engine: What’s Really Happening?
The ongoing dispute between WordPress founder Matt Mullenweg and hosting provider WP Engine has taken another turn. Mullenweg recently announced that WordPress is “forking” the popular plugin Advanced Custom Fields (ACF), developed by WP Engine, and replacing it with a new version called Secure Custom Fields. This decision, according to Mullenweg, was necessary “to remove […]
Important Security Updates for the WordPress Plugin LiteSpeed Cache
In August, security researchers uncovered a serious vulnerability in the popular LiteSpeed Cache plugin for WordPress. This flaw could allow unauthorized users to gain administrator rights on affected websites, potentially putting 5 to 6 million WordPress websites at risk. “The plugin suffers from a privilege escalation vulnerability, allowing unauthenticated visitors to gain admin access and […]
WPML – Critical Vulnerability in WordPress Plugin Puts Over 1 Million Websites at Risk
A recently discovered security vulnerability in the WPML (WordPress Multilingual) plugin has put over a million WordPress websites at significant risk. Attackers could exploit this vulnerability to execute arbitrary code on affected servers through Remote Code Execution (RCE), potentially gaining full control over the compromised websites. This security flaw, known as CVE-2024-6386, affects all versions […]