Buggy WordPress plugin allows complete site takeover • The Register

Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin.

Tracked as CVE-2021-24284, the vuln targets Kaswara Modern WPBakery Page Builder Addons and, if exploited, it would allow criminals to upload malicious JavaScript files and even completely take over an organization’s website.

Wordfence disclosed the flaw almost three months ago, and in a new advisory this week warned that criminals are increasing attacks — the WordPress security shop claims it blocked an average of…



TopDevelopers.co announces list of Fastest growing WordPress Development Companies for July 2022

List of fastest growing WordPress developers for July 2022

Find only the best WordPress developers for your business, popular for delivering quality.

SAN FRANCISCO, CALIFORNIA, UNITED STATES, July 15, 2022 /EINPresswire.com/ — Web developers know that a well-built, appealing website can make revenue generation easier for site owners. When it comes to any website or blog, a constructive content management system and easy edit options are vital. Interactive and well-designed websites and proper CMSs can help any business or blog,…



Attackers scan 1.6 million WordPress sites for vulnerable plugin

Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication.

The attackers are targeting the Kaswara Modern WPBakery Page Builder, which was abandoned by its author before receiving a patch for a critical severity flaw tracked as CVE-2021-24284.

The vulnerability would allow an unauthenticated attacker to inject malicious JavaScript to sites using any version of the plugin and perform actions like uploading and deleting files, which could lead to…



PayPal phishing kit added to hacked WordPress sites for full ID theft

A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos.

Over 400 million individuals and companies are using PayPal as an online payment solution.

The kit is hosted on legitimate WordPress websites that have been hacked, which allows it to evade detection to a certain degree.

Breaching websites with weak login

Researchers at internet technology company Akamai found the phishing kit after the threat actor planted it on their WordPress honeypot.

The threat actor…



WordPress Performance Team Proposes Adding Persistent Object Cache and Full Page Cache to Site Health Checks – WP Tavern

In the near future, WordPress may be able to provide better caching recommendations for site owners. Performance team contributors are proposing two new Site Health checks for Persistent Object Cache and Full Page Cache. The modules have been tested inside the Performance Lab plugin and version 1.2.0 has them both in a state the team says is ready for merging into core.

Here is an example of what users might see on the Site Health screen if page caching is not detected:

The modules are extensible so hosting companies and developers can further customize the output that users…



SEO: WordPress Plugins to Surface Older Posts

A challenge of optimizing a blog for organic search is that older articles fade into the archives. The result is fewer internal links to that dated content and a gradual loss of rankings.

Luckily for WordPress users, there are plugins that facilitate internal links no matter the post’s age, solving the problem.

What follows are my favorite WordPress plugins to surface older content. The list is deliberately short, as I prefer minimizing installed plugins. I’ve focused on scalable internal linking strategies:

  • Related posts,
  • Popular posts,
  • Contextual linking,
  • Internal…


WordPress Themes Team Contributors Get Pushback on Proposal to Improve Block Themes’ Visibility in the Directory – WP Tavern

Seven weeks ago, WordPress Theme Team contributors proposed several ideas for improving block themes’ visibility on WordPress.org. These included the possibility of changing the popular themes algorithm to more prominently feature block themes, and/or adding a new “Block” menu item next to Popular and Latest on the themes directory home page.

The directory is going through some growing pains as themes that are compatible with the site editor are the only ones that offer access to everything WordPress has to offer in the new paradigm of blocks. Yet, the 94 available block themes…



Infected WordPress Site Reveals Malicious C&C Script

Bitcoin prices are down 60% year to date, trading far from the all-time highs of $69,000 seen last November. Some altcoins have plummeted even farther in value, with digital currencies collapsing in value in the past six months.

While we can collectively agree that cryptocurrencies are incredibly volatile and currently on a downward trajectory – this hasn’t completely deterred attackers from trying to exploit compromised websites and servers to mine for them.

Cryptomining infections accounted for less than 4% of total detections last year.


Participate in our WordPress security survey and win

Today we are launching our very first WordPress security survey. The aim of this survey is to understand how WordPress administrators and owners view and manage basic security tasks on their WordPress websites. While we have carried out surveys in the past, this survey is perhaps more ambitious than what we have previously done.

What’s in it for you?

We have designed this survey with our customers and the WordPress community in mind. While security remains an important topic, it is often seen as a black box with no easy way to understand whether your efforts go the distance.

We also…

