WordPress plugin Spambyebye vulnerable

Three vulnerabilities in LearnPress prior to version 3.1.0 have been discovered. LearnPress is a popular plugin with more than 50.000 installations for the WordPress CMS that can be used to create and sell courses online. LearnPress is similar to Moodle, an open source learning platform.

And yet another WordPress commercial plugin gets exploited in the wild, as Wordfence security analysts identified attackers exploiting vulnerabilities in outdated versions of a commercial WordPress plugin since the end of january. In this case the fairly popular WP Cost Estimation & Payment Forms Builder plugin developed by Loopus…

Serious vulnerabilities in at least 11 plugins for WordPress are currently being used in an ongoing malware campaign that appears to have started last month. However, the group appears to have changed their tactics two weeks ago. Mikey Veenstra reported on the WordFence website.

The popular WordPress plugin, Social Network Tabs, which has been downloaded over 53.000 times in the past 7 years and is used to help users share content on social media sites, left thousands of linked Twitter accounts exposed to compromise.

Ad Inserter is a popular WordPress plugin for managing advertisements. Last week it appeared that version 2.4.21 and below of the plugin contains two critical vulnerabilities. The developer has since released an update to patch the vulnerabilities. Users are advised to update as quickly as possible.

A serious vulnerability has been discovered in older versions of the popular Code Snippets plugin for WordPress. The flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution…

Total Donations is a commercial plugin that helps sites create donation campaigns and accept payments from their visitors and is currently used by many non-profit and political organizations who want to accept donations from donors using a donation form. Attacks on the Total Donations plugins have been tracked over…

The popular GDPR Cookie Consent plugin, which has been downloaded over 700.000 times, was temporarily removed from the WordPress.org plugin repository earlier this week after the developer was notified of a critical bug. Two days later (on February 10) a new version 1.8.3 was released. This new version contains…

WordPress 4.2.3 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Newsletter, a free WordPress plugin with more than 300,000 installations, was found to contain multiple vulnerabilities that could eventually lead to the takeover of an affected website. The bugs were discovered by the Wordfence team who notified the developer of the plugin.

A vulnerability in a popular WordPress plugin called the WooCommerce Checkout Manager is potentially putting more than 60,000 websites at risk, researchers say. The WooCommerce Checkout Manager plugin allows WooCommerce users to customize and manage the fields on their checkout pages. The plugin, owned by Visser Labs, is separate…

The Arigato Autoresponder and Newsletter by Kiboko Labs plugin allows scheduling of automated autoresponder messages and newsletters, and managing a mailing list. You can add/edit/delete and import/export members. There is also a registration form which can be placed in any website or blog.

Researchers of the Threat Intelligence team of WordFence have warned on Tuesday that WordPress plugin WP Database Backup contains a critical vulnerability. The developer has since patched this flaw.

Researchers have found a serious bug in the WP Live Chat Support plugin. This is the second time in six weeks that a vulnerability has been found in the plugin which is being used on thousands of WordPress websites. The latest bug allows hackers to inject their own code…

WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately. This releases fixes a weakness that could let an attacker force their way into your site by forging authentication cookies. This was discovered and…