Wordpress News

Google Site Kit WordPress Plugin Vulnerability

A vulnerability was discovered in Google’s Site Kit WordPress plugin and subsequently patched. The vulnerability allows an attacker to escalate site privileges and attack a victims search visibility,  alter site maps and more. Google Site Kit WordPress Plugin The vulnerability affects Site Kit by Google. Google Site Kit is a Google WordPress. Google Site Kit displays information about your site within the WordPress Admin dashboard. It aggregates information from Google Search Console (GSC), Google Analytics, AdSense, Page Speed Insights and other Google tools. Researchers at WordFence ( More Info

Read More »

Nearly a million WordPress sites targeted in extensive attacks

A threat actor is actively trying to insert a backdoor into and compromise WordPress-based sites to redirect visitors to malvertising. “While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it’s only in the past few days that they’ve truly ramped up, to the point where more than 20 million attacks were attempted against more than half a million individual sites on May 3, 2020,” Wordfence analysts discovered. “Over the course of the past month in total, we’ve detected over 24,000 distinct IP addresses sending requests… More Info

Read More »

Nearly 900,000 WordPress Sites Targeted in a Hacking Campaign

Threat actors tried to hack nearly one million WordPress sites in the last week, according to a security alert issued by cybersecurity firm Wordfence. The threat intelligence team at Wordfence stated that hackers launched attacks from 24,000 different IP addresses and tried to break into more than 900,000 WordPress sites. It was found that since April 28, 2020, unknown hackers engaged in this massive campaign that caused a 30 times increase in the volume of attack traffic. The attacks peaked on May 3, 2020, when the group launched more than 20 million hacking attempts… More Info

Read More »

Jetack 8.5 Adds New Podcast Player Block – WordPress Tavern

Jetpack 8.5 was released today with a new podcast player block for sharing audio content. Configuring the block is as simple as entering the podcast RSS feed URL. This will automatically bring in the cover art and recent episodes. Block options allow for further customization of the display, including the number of episodes, colors, and the ability to show/hide cover art and episode descriptions. Jetpack’s new podcast player has arrived just in time, as podcasting has gotten a little boost in recent months due to the large numbers of people under stay-at-home orders…. More Info

Read More »

A hacker group tried to hijack 900,000 WordPress sites over the last week

A hacker group has attempted to hijack nearly one million WordPress sites in the last seven, according to a security alert issued today by cyber-security firm Wordfence. The company says that since April 28, this particular hacker group has engaged in a hacking campaign of massive proportions that caused a 30x uptick in the volume of attack traffic Wordfence has tracking. “While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it’s… More Info

Read More »

Find My Blocks Plugin Shows All Blocks in Use on a WordPress Site – WordPress Tavern

How do you know what blocks are in use on a WordPress site? I recently saw a tweet asking this question in regards to knowing whether it is safe to turn off a plugin. This seems like it could become a common question, especially for those who have hundreds or thousands of blog posts as well as those using WordPress as a CMS. How hard would it be to create a plugin that let’s me know how many and which blocks I’m using site wide? Sometimes I wonder if I can deactivate a block plugin but I don’t know if I’m using a block it provides. — Nick Hamze (@NickHamze) April 23,… More Info

Read More »

Researchers Discover Multiple WordPress Security Exploits In Popular E-Learning Platforms

As the coronavirus pandemic continues around the world, everyone’s lives have changed. The way we work and learn is significantly different now than it was only a few months ago as people shelter in place, and offices and schools around the globe have been forced to move to a distance model. Teaching from home has forced educational institutions everywhere to quickly move to online learning and to implement new systems to support the shift. Security researchers at Check Point Research decided to audit the security of several of the most popular Learning Management Systems (LMS) that are… More Info

Read More »

WordPress Vulnerability Update – Search Engine Journal

WordPress announced an update that fixes seventeen bug fixes and seven vulnerabilities. WordPress is automatically updating sites to WordPress 5.4.1. It is important to check that your WordPress installation is updated to version WordPress 5.4.1. Cross-site Scripting Vulnerabilities WordPress patched it’s software to address multiple Cross-site scripting (XSS) vulnerabilities. There are two kinds, XSS and Authenticated XSS. A cross-site scripting (XSS) vulnerability allows an attacker to inject a malicious script on a vulnerable web page. An authenticated cross-site scripting (Authenticated… More Info

Read More »

Ninja Forms WordPress plugin patch prevents takeover of 1M sites

The developers of Ninja Forms, a WordPress plugin with more than 1 million installations, have fixed a high severity security vulnerability that can let attackers inject malicious code and take over websites using an unpatched version of the plugin. The vulnerability is a Cross-Site Request Forgery (CSRF) that leads to Stored Cross-Site Scripting (Stored XSS) attacks and it affects all Ninja Forms versions up to 3.4.24.2. Attackers can exploit this Ninja Forms bug by tricking WordPress admins into clicking specially crafted links that inject malicious JavaScript code as part of a… More Info

Read More »

Ninja Forms WordPress Plugin Vulnerability

Popular WordPress Forms plugin Ninja Form recently updated their plugin to patch a severe vulnerability. The vulnerability is rated a high severity because it could allow an attacker to steal admin level access and take over the entire website. Cross-Site Request Forgery Vulnerability The exploit that is causing this is called Cross-Site Request Forgery. This kind of vulnerability exploits a lack of a normal security check which then allows an attacker to upload or replace files and even gain administrative access. This is how the Common Weakness Enumeration site, describes this kind of… More Info

Read More »