Hackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites.

Up to 50,000 websites are estimated to still run a vulnerable version of the plugin, although a patch has been available since early April.

Large attack waves started on May 10, 2022 and peaked four days later. Exploitation is currently ongoing.

Tatsu Builder is a popular plugin that offers powerful template editing features integrated right into the web browser.

The targeted vulnerability is CVE-2021-25094,…

For 95 years, the people living in the McDowell County coalfields have depended on The Welch News for local coverage of important events. The county sits at the southernmost point of state, with a declining population of 18,363 and a median household income of $27,682.

In the 1950’s, at the apex of the mining industry’s economic influence, McDowell County had close to 100,000 people living there. They mined the coal that built much of the infrastructure for American cities. After the industry became more mechanized and many…

A years-long campaign by miscreants to insert malicious JavaScript into vulnerable WordPress sites, so that visitors are redirected to scam websites, has been documented by reverse-engineers.

An investigation by analysts at Sucuri into malware found on WordPress installations revealed a much larger and ongoing campaign that last month, we’re told, hijacked more than 6,600 websites. The team has seen a spike in complaints this month related to the intrusions, according to analyst Krasimir Konov.

“The websites all shared a common issue — malicious JavaScript had been injected within their…

Cybersecurity researchers have disclosed a massive campaign that’s responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.

“The websites all shared a common issue — malicious JavaScript had been injected within their website’s files and the database, including legitimate core WordPress files,” Krasimir Konov, a malware analyst at Sucuri, said in a report published Wednesday.

This involved infecting files such as jquery.min.js and jquery-migrate.min.js…

For the first time in WordPress’ nearly 19-year history, the software’s usage stats are showing signs of declining market share. Its remarkable ascension to 43.3% market share took a turn in March 2022 and usage has slowly declined since then, according to a new WordPress market share report from Joost de Valk that references stats from W3Techs.

In a post titled “WordPress’ Market Share Is Shrinking,” de Valk highlighted the numbers from the last few months, which now conclusively demonstrate a decline:

Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic.

As outlined in our latest hacked website report, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into compromised WordPress websites. This campaign leverages known vulnerabilities in WordPress themes and plugins and has impacted an enormous number of websites over the…

Since CAPTCHA was first introduced, it has undergone various iterations and evolutions. With each step, the aim always has been to make it easier for humans and more challenging for non-humans to pass the test. Over time, this led to several different types of CAPTCHA checks being used.

CAPTCHA tests must also consider accessibility features such as screen readers used by visually impaired people. Since these function like a bot, it can make the entire process somewhat counterintuitive. Even so, this has been one of the motivators behind the evolution of CAPTCHA checks.

It is also…

And another theme shop hops on the block bandwagon. Catch Themes’ first block-based theme, Catch FSE, landed on WordPress.org over the weekend.

The company is one of the most prolific authors in the official WordPress theme directory, touting a total of 109 themes. There are only a few others with such an impressive body of work, at least in sheer numbers. Averaging over 10 new releases each year for the last decade is no small feat, and that just accounts for the company’s free themes.

At a time when WordPress is still in a transitioning phase between classic, PHP-based themes…

If you want the freedom to shape your WordPress website to your heart’s content, you might be considering shifting it from WordPress.com to WordPress.org. However, before starting with the steps you’ll want to make, let’s clear up the differences between WordPress.com and WordPress.org. 

The main difference between WordPress.com and WordPress.org is that with WordPress.com you’ll get a web hosting service while with WordPress.org you’ll have to find one on your own and install WordPress software on it. So, in short, WordPress.com is easier to start out with, but it offers less…

If you want the freedom to shape your WordPress website to your heart’s content, you might be considering shifting it from WordPress.com to WordPress.org. However, before starting with the steps you’ll want to make, let’s clear up the differences between WordPress.com and WordPress.org. 

The main difference between WordPress.com and WordPress.org is that with WordPress.com you’ll get a web hosting service while with WordPress.org you’ll have to find one on your own and install WordPress software on it. So, in short, WordPress.com is easier to start out with, but it offers less…