Threat Post

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...
Searchenginejournal.com

WordPress 5.7.2 Patches a Critical Vulnerability

A WordPress vulnerability rated as critical has been patched. Although the exploit is labeled as critical, one security researcher states that the likelihood of the vulnerability being exploited is ...
Bleeping Computer

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity Forms is a custom form builder website owners use ...
Searchenginejournal.com

Better Search Replace WordPress Vulnerability Affects Up To +1 Million Sites

A critical severity vulnerability was discovered and patched in the Better Search Replace plugin for WordPress which has over 1 million active website installs. Successful attacks could lead to ...
Bleeping Computer

WordPress 5.8.3 security update fixes SQL injection, XSS flaws

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. The set includes an SQL ...
Dark Reading

WordPress Vulnerable to SQL Injection

Duplicate Page is an open source pluginfor WordPress that does just what you think it will do. It duplicates pages. There are over 800,000 installations of the plugin. It will duplicate pages, posts ...
Threat Post

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs. Two high-severity vulnerabilities in Post Grid, a WordPress plugin ...