Feb 27, 2024NewsroomVulnerability / Website Security A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated site-wide stored [cross-site … [Read more...] about WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
plugin
Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Dec 22, 2023NewsroomSkimming / Web Security Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with many other malicious or fake … [Read more...] about Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts
Jul 01, 2023Ravie LakshmananWebsite Security / Cyber Threat As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on … [Read more...] about Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts
New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
May 06, 2023Ravie Lakshmanan Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, … [Read more...] about New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
Mar 24, 2023Ravie LakshmananWeb Security / WordPress Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It … [Read more...] about Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
Create your own instrumentation with the Java Agent Plugin
TroubleshootingThere are some common problems you might run into when creating your plugin:Still experimental?The OpenTelemetry bridge was added in Elastic APM Java Agent version 1.30.0 — so that is the earliest version you can use this plugin mechanism with — and it was initially added as experimental technology. Depending on which version you are using, you may need to have … [Read more...] about Create your own instrumentation with the Java Agent Plugin
Researchers Find Backdoor in School Management Plugin for WordPress
Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity. The backdoor, which is believed to have existed since version … [Read more...] about Researchers Find Backdoor in School Management Plugin for WordPress
Preventing your Cloud 'Secrets' from Public Exposure: An IDE plugin solution
I'm sure you would agree that, in today's digital world, the majority of applications we work on require some type of credentials – to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials, or sometimes just referred to as 'Secrets,' are pieces of user or system-level … [Read more...] about Preventing your Cloud 'Secrets' from Public Exposure: An IDE plugin solution
New IDA Pro plugin provides TileGX support
Threat Research Cisco Talos has a new plugin available for IDA Pro that provides a new disassembler for TileGX binaries. This tool should assist researchers in reverse-engineering threats in IDA Pro that target TileGX. read more >> Share: Tags: Source link … [Read more...] about New IDA Pro plugin provides TileGX support
Cisco Threat Response Plugin: Defeat Threats With Just a Few Clicks
One of the best tools in your SOC’s arsenal is something you might already have access to and didn’t even have to pay for. If you already deploy Cisco Umbrella, AMP for Endpoints, Firepower devices, next-generation intrusion prevention system (NGIPS), Email Security, or Threat Grid, then you can immediately access Cisco Threat Response for FREE. As in no charge. Zero extra … [Read more...] about Cisco Threat Response Plugin: Defeat Threats With Just a Few Clicks