Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
Avada Builder flaws allowed file read and SQL injection on one million WordPress sites
40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin
Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites
A critical flaw in the Motors WordPress theme affecting more than 20,000 installations allows low-privileged users to gain full control of websites
A flaw in the Slider Revolution plugin has exposed millions of WordPress sites to unauthorized file access
10,000 WordPress sites vulnerable to takeover due to critical flaws in HT Contact Form Widget plugin
A severe flaw identified in the Forminator WordPress plugin allows arbitrary file deletion and potential site takeover
Vulnerability in PayU CommercePro plugin allows account hijacking on thousands of WordPress sites
Flaw in SureTriggers plugin allows unauthenticated users to create admin accounts on WordPress sites
Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts
A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers
Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites
Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites
The LiteSpeed Cache flaw may expose millions of WordPress sites to severe security risks
The WordPress plugin has over 20,000 active installations and is used for site backups and update management
The flaw, discovered by Patchstack, stems from a lack of input sanitization and output escaping in the plugin’s code
The vulnerability could lead to remote code execution on affected systems
Users of popular WordPress plugin Backup Migration are urged to patch a new critical vulnerability
Patchstack uncovered an unauthenticated role privilege escalation flaw and an account takeover vulnerability