WordPress 5.6 Possible Bugs and Issues: What Can Go Wrong?
Is your website already running the latest version of WordPress? We are talking about WordPress 5.6, also known as the Nina Simone update. This is the final major release of the content management system planned for 2020, and it was…
PageLayer Plugin Contains XSS Vulnerabilities, 200,000 Sites at Risk
Security researchers uncovered two vulnerabilities in a WordPress plugin, this time affecting more than 200,000 websites. The PageLayer plugin contains two reflected XSS (cross-site scripting) flaws that could enable threat actors to execute malicious JavaScript code in an administrator’s browser.…
Easy WP SMTP Plugin Flaw Helps Hackers Reset Admin Account Passwords
If you are using the popular Easy WP SMTP WordPress plugin, you should know that researchers discovered a zero-day vulnerability in it. The plugin’s installations are more than 500,000, meaning that half a million websites are at risk. Furthermore, threat…
Secure DNS Scam (DNSSEC) Targets WordPress Bloggers
According to Sophos cybersecurity researchers, a new scam targeted at WordPress bloggers is currently circling the web. Over the weekend, the researchers received a well-crafted scam message that looked more convincing than many other scams out there. DNS Scam Targeting…
What Is а Web Security Gateway?
This article has been created with the main idea to help explain what exactly is the Web Security Gateway technology and how both companies and end-users can benefit from this technology for server safety. Here, we aim to explain to…
WordPress Version 5.5.2, 5.5.3: How Severe Are the Vulnerabilities Patched?
WordPress released two subsequent updates in the past few days – WordPress version 5.5.2, shortly followed by version 5.5.3. The first of these updates contained minor bug fixes and security enhancements applied to the CMS code. The second update was…
KingComposer WordPress Plugin Has a Reflected XSS Bug
The KingComposer WordPress plugin has been found to contain several vulnerabilities that could lead to access control over compromised sites. The plugin has been installed on more than 100,000 sites. During their investigation, Wordfence researchers discovered an unpatched reflected cross-site…
Vulnerabilities in WordPress Themes Put Millions of Sites at Risk
Security researchers recently detected a large-scale malicious campaign targeting themes that utilize the Epsilon Framework. Threat actors took advantage of Function Injection vulnerabilities in a number of WordPress themes. Epsilon Framework vulnerabilities in WordPress themes put millions of sites at…
Critical Bugs in Ultimate Member WordPress Plugin Endanger 100K Sites
Is your WordPress site using the Ultimate Member plugin? If so, you should be aware that the plugin contains critical privilege escalation vulnerabilities. To avoid any issues, you should update the plugin to the latest available version, 2.1.12, which was…
Akamai Hosted Websites Subjected to New Largest DDoS Attack
A powerful distributed denial-of-service attack hit a specific website hosted by a popular service provider – Akamai. The record-breaking 1.44 terabits per second and 385 million packets-per-second make the attack the most powerful DDoS so far. A second outbreak that…
Advanced Access Manager WordPress Plugin: Vulnerable
Researchers unearthed two vulnerabilities in a well-known plugin for WordPress, called Advanced Access Manager. The plugin has more than 100,000 installations. One of the security issues is severe and could lead to privilege escalation and site takeover, so if your…
Attacks against Sites Running a Vulnerable Version of File Manager Plugin
Security researchers recently reported a File Manager plugin vulnerability. Which initially endangered more than 700,000 WordPress sites. However, in a few days, the number of attacked sites reached 2.6 million. Multiple Attackers Exploiting the File Manager Plugin Vulnerability According to…
GoDaddy Suffers Data Breach: SSH Accounts Were Accessed
GoDaddy’s has suffered an enormous data breach, in which an unauthorized individual accessed SSH accounts in the company’s hosting environment. According to the official statement, there is no evidence that “any files were added or modified on your account”. The…
Critical Zero-Day in Elementor Pro Plugin Puts 1M WordPress Sites at Risk
Wordfence researchers recently reported active exploitation of security flaws in two related WordPress plugins – Elementor Pro and Ultimate Addons for Elementor. Because of these vulnerabilities, more than 1 million sites are at risk. It is important to note that…
2.3 Tbps DDoS Attack Hit AWS, and It’s the Largest One So Far
The largest DDoS attack ever took place this February, according to Amazon. The company recently shared a report in which the incident was detailed, including other web attacks mitigated by Amazon’s AWS Shield protection service. The DDoS attack, specifically, reached…
Adning Advertising WordPress Plugin Contains Critical Vulnerabilities
In late June 2020, researchers discovered two vulnerabilities in the Adning Advertising plugin. One of them was critical, with a CVSS (Common Vulnerability Scoring System) score of 10. The Adning plugin is a premium plugin with more than 8,000 customers.…
Comments – wpDiscuz WordPress Plugin Contains Critical Vulnerability
A critical vulnerability was discovered in the Comments – wpDiscuz WordPress plugin which has been installed on more than 80,000 sites. The vulnerability has already been fixed. Affected versions of the plugin include versions 7.0.0 – 7.0.4. According to Wordfence…
Magento Receives Security Updates for Critical Vulnerabilities
Two code execution vulnerabilities were fixed by Adobe in Magento Commerce versions 2.3.5-p1 and earlier, and Magento Open Source versions 2.3.5-p1 and earlier. One of the vulnerabilities is rated as critical (CVE-2020-9689), and the other one as important (CVE-2020-9691). Vulnerabilities…
Bugs in Newsletter Plugin for WordPress Put 300,000 Sites at Risk
Newsletter is a WordPress plugin with more than 300,000 installations. Unfortunately, security researchers at Wordfence recently discovered a set of vulnerabilities in the Newsletter plugin – one was recently patched, and other two which were more severe. The latter flaws…
Quiz and Survey Master WordPress Plugin Contains Critical Flaws
Yet another vulnerable plugin was recently discovered by the Wordfence (Defiance) team. Two security flaws were unveiled in Quiz and Survey Master (QSM) WordPress plugin installed on more than 30,000 sites. Quiz and Survey Master is easy to use add…
While we may earn affiliate commissions from some of the companies featured, these commissions do not compromise the integrity of our reviews or influence our rankings.
The affiliate earnings contribute to covering account acquisition, testing expenses, maintenance, and development of our website and internal systems.
Trust howtohosting.guide for reliable hosting insights and sincerity.