Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin
Security researchers have discovered a backdoor in a premium WordPress plugin built as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating. [...]
The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said.
Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide. [...]