Nuacht

Threat Post3y

20K WordPress Sites Exposed by Insecure Plugin REST-API

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing ...
Infosecurity-magazine.com1y

Flaw in AI Plugin Exposes 50,000 WordPress Sites to Remote Attack

A critical vulnerability has been identified in the AI Engine plugin for WordPress, specifically affecting its free version with over 50,000 active installations. The plugin is widely recognized for ...
GIGAZINELíon na míonna: 11

WordPress forks popular WP Engine plugin 'Advanced Custom Fields' without permission, developer claims plugin was 'taken without consent'

On October 12, 2024 local time, Mullenweg announced that he would fork ACF into a new plugin called 'Secure Custom Fields.' Mullenweg cited the fact that ACF updates are now done directly from the WP ...
Bleeping ComputerLíon na míonna: 4

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) ...