- Advisories
- By Catalin Cimpanu
- October 18th, 2016
WordPress Sites Under Attack via Security Flaw in Unmaintained Plugin
Users advised to uninstall plugin as soon as possible
- Server related
- By Catalin Cimpanu
- September 22nd, 2016
CloudFlare Launches New Plugin to Secure Your WordPress Sites
You still need a CloudFlare paid subscription plan to take full advantage of the company's infrastructure
- Server related
- By Catalin Cimpanu
- August 17th, 2016
WordPress Plugin Hijacks Websites to Show Payday Loan Ads
Plugin author recognizes mistake, fixes plugin
- Server related
- By Catalin Cimpanu
- August 4th, 2016
Expired Domains Associated with WordPress Plugin Show Ads, Scareware
The blame falls on webmasters, not plugin developers
- Server related
- By Catalin Cimpanu
- June 3rd, 2016
WordPress Sites Under Attack from New Zero-Day in WP Mobile Detector Plugin
Over 10,000 sites were exposed to hacking
- Security
- By Catalin Cimpanu
- March 5th, 2016
Popular WordPress Plugin Comes with a Backdoor, Steals Site Admin Credentials
Custom Content Type Manager WP plugin contains a backdoor
- Security
- By Ionut Ilascu
- June 12th, 2015
Patch WooCommerce Now or Count Your Losses
WordPress plugin is used by over 660,000 online stores
- Security
- By Ionut Ilascu
- May 11th, 2015
XSS Glitch Found in RoomCloud Hotel Booking Plugin for WordPress
Bug exploit publicly available, discloses travel info
- Security
- By Ionut Ilascu
- May 6th, 2015
Millions of WordPress Websites Susceptible to Hijack Attacks
Attacks recorded before the disclosure of the vulnerability
- Security
- By Ionut Ilascu
- May 5th, 2015
Admins Fail to Patch Year-Old Glitches in RevSlider, WordPress Sites Compromised
WordPress plugins and the CMS itself should be updated
- Security
- By Ionut Ilascu
- April 30th, 2015
Over 5,000 Websites at Risk Due to Buggy TheCartPress eCommerce Plugin
Proof-of-concept code has been published by the researchers
- Security
- By Ionut Ilascu
- April 25th, 2015
Google Analytics by Yoast Security Patch Fixes Stored XSS
Yoast downplays severity of its Google Analytics update
- Security
- By Ionut Ilascu
- April 21st, 2015
Highly Popular WordPress Plugins Vulnerable to XSS Attacks
Admins should update all WordPress components
- Security Fixes and Improvements
- By Ionut Ilascu
- February 25th, 2015
WP-Slimstat Wordpress Plug-in Relies on Guessable Crypto Key
An attacker would need 10 minutes to crack the key
- Security Blog
- By Ionut Ilascu
- December 4th, 2014
Glitch in InfiniteWP Client Allows Control over Maintenance Page Content
Attackers need to know the administrator's username
- Security
- By Ionut Ilascu
- November 21st, 2014
Persistent XSS Flaw Fixed in WP Statistics Plug-In for WordPress
Users are advised to update as soon as possible
- Security Blog
- By Ionut Ilascu
- November 1st, 2014
Security Flaw in WP eCommerce Plugin Allows Changing Purchase Information
Private info on WordPress sites can be accessed and modified