The New version of WordPress 4.9.3 broke the automatic update function

The New version of WordPress 4.9.3 broke the automatic update function

Site administrators working on WordPress have had a tough week when, on Monday, February 5 2018, a new version of CMS (WordPress 4.9.3) was published, which was supposed to fix a number of minor problems, but eventually, accidentally, corrupted the ...

Keylogger injection campaign covered 2000 WordPress-sites

The experts found that after the closure of the malicious website cloudflare [.] Solutions, with which hackers downloaded the cryptomayer Coinhive and later Keylogger on hacked WordPress sites, hackers registered three new domain names.
According to PublicWWW, at the moment, ...

Hundreds of sites use malicious WordPress plugins 3 years after they are discovered

14 malicious plug-ins have been removed from the official WordPress catalog by the end of 2014
Cyber security experts from the company White Fir Design reported that several hundred sites continue to use 14 malicious plug-ins WordPress after almost three ...

Malware Wp-Vcd is distributed through “pirate” themes for WordPress

At the end of November 2017,Security specialists discovered a new malware Wp-Vcd
Wp-Vcd attacks sites running WordPress. The malware uses known vulnerabilities in plug-ins or CMS for attacks and they mask themselves as a legitimate WordPress files. If the attack ...

In the popular WordPress plugin Formidable Forms are found and fixed critical vulnerability

The popular Formidable Forms plug-in, available in both free and paid versions, has more than 200,000 active installations. The plugin offers website owners a tool for creating contact pages, polls, polls and other forms
The well-known Finnish researcher Jouko Pynnönen, ...

WordPress plugin detected a backdoor

The backdoor was contained in the fake X-WP-SPAM-SHIELD-PRO plugin
An unknown hacker introduced a backdoor into the source code of the WordPress plugin that masquerades as an anti-spam tool called X-WP-SPAM-SHIELD-PRO.

Apparently, the attacker tried to use the reputation of a ...

The WordPress plugin “Display Widgets” distributes malware

The plug-in “Display Widgets”, numbering more than 200 thousand installations, was finally removed from the plug-ins directory to WordPress after a series of incidents, which resulted in the substitution of malicious code for new releases.

This code was a backdoor allowing ...