Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

SparklingGoblin Updates Linux Version of SideWalk Backdoor in Ongoing Cyber Campaign

Researchers link the APT to an attack on a Hong Kong university, which compromised multiple key servers using advanced Linux malware.

DARKReading
Open in Source
#web#mac#windows#google#linux#wordpress#backdoor#perl#botnet#auth
WordPress WPGateway 3.5 Privilege Escalation

WordPress WPGateway plugin versions 3.5 and below suffer from an unauthenticated privilege escalation vulnerability.

WPGateway WordPress plugin vulnerability could allow full site takeover

Categories: News Tags: WPGateway Tags: WordPress Tags: plugin Tags: vulnerability Tags: CVE We take a look at a vulnerability being exploited in the wild related to the WPGateway WordPress plugin. (Read more...) The post WPGateway WordPress plugin vulnerability could allow full site takeover appeared first on Malwarebytes Labs.

Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day

Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence

CVE-2022-38139: RD Station

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.1.3 at WordPress.

BackupBuddy WordPress plugin vulnerable to exploitation, update now!

Categories: News Tags: BackupBuddy Tags: WordPress Tags: vulnerability Tags: exploit Tags: hack Tags: compromise Tags: update We take a look at a vulnerability in popular WordPress plugin BackupBuddy, and the steps you need to take to fix it. (Read more...) The post BackupBuddy WordPress plugin vulnerable to exploitation, update now! appeared first on Malwarebytes Labs.

CVE-2022-38135: Photospace Gallery

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.