Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin
A critical flaw in the Motors WordPress theme affecting more than 20,000 installations allows low-privileged users to gain full control of websites
Wordfence says threat actors are trying to exploit three critical vulnerabilities from 2024
A vulnerability in the WordPress Paid Memberships Subscription plugin could lead to unauthenticated SQL injection on affected sites
10,000 WordPress sites vulnerable to takeover due to critical flaws in HT Contact Form Widget plugin
Vulnerability in PayU CommercePro plugin allows account hijacking on thousands of WordPress sites
An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites
Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts
A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers
Patchstack urges admins to patch new WordPress ASE plugin vulnerability that lets users restore previous admin privileges
The vulnerabilities, now patched, posed significant risks, including unauthorized file uploads, privilege escalation and SQL injection attacks
Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites
The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites
Slider Revolution is a widely used premium Wordpress plugin with over 9 million active users
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
The vulnerability could lead to remote code execution on affected systems
Users of popular WordPress plugin Backup Migration are urged to patch a new critical vulnerability
With over 20,000 active installations, the plugin is used for user-generated content submissions