Uncategorized

The Full Story of CVE-2024-10924: Authentication Bypass in the Really Simple Security Plugin

With the Really Simple Security plugin, WordPress users can easily improve the security of their websites with features such as: However, in versions 9.0.0 to 9.1.1.1, an authentication bypass was discovered that, if exploited, would allow a threat actor to gain access to any user account, including administrative accounts. At the time of disclosure on […]


Critical Vulnerability in OttoKit WordPress Plugin Actively Exploited

On April 30, 2025, a critical security vulnerability was publicly disclosed in the OttoKit: All-in-One Automation Platform (formerly SureTriggers) WordPress plugin. The flaw allows attackers to gain unauthorized administrative access to WordPress sites under specific conditions, and active exploitation has already begun. What’s the Risk? The vulnerability, tracked as CVE-2025-27007, enables two main attack scenarios:


The Full Story of CVE-2024-6386: Remote Code Execution in WPML

The WordPress Multilingual Plugin (WPML), with over 1,000,000 active installations, was vulnerable to Remote Code Execution (RCE) via a Server-Side Template Injection (SSTI) vulnerability in the Twig template engine. WPML is a premium plugin that provides automatic language translations to build multilingual websites, enabling users to view web pages in different languages. This vulnerability was


WordPress Forensic Investigations: Unveiling the Digital Clues

Unfortunately, WordPress, the most popular content management system, also attracts its fair share of malicious actors. When a security incident occurs on a WordPress site, conducting a thorough forensic investigation is crucial to understand the attack, identify the vulnerabilities exploited, and gather evidence for potential legal action. Understanding the Importance of WordPress Forensics Key Areas


Over 300,000 WordPress Websites Affected by Critical Forminator Plugin Vulnerability

The Forminator plugin for WordPress, utilized by over 500,000 sites, has a vulnerability that could let attackers upload files to the server without restrictions. Developed by WPMU DEV, Forminator is a customizable tool for creating contact forms, surveys, quizzes, feedback forms, polls, and payment forms on WordPress. It features drag-and-drop functionality and integrates with many


Ongoing Cyberattack Exploits Ultimate Member Plugin


Automattic’s WP.cloud and Pressable.com platforms have recently noticed a disturbing pattern of compromised sites. They found that illegitimate new administrator accounts were continuously appearing on the impacted sites. After investigating this matter, a post on the WordPress.org support forums by Slavic Dragovtev brought to light a potential security problem. The issue revolved around a Privilege


Critical Security Flaw in the WooCommerce Payments plugin

On March 22, 2023, a significant security flaw was identified in the WooCommerce Payments plugin, a widely used eCommerce payment plugin for WordPress with over 500,000 active installations. Fortunately, white hat security researcher Michael Mazzolini discovered the vulnerability and responsibly disclosed it through HackerOne, allowing websites to install the patched version 5.6.2 before the full


How to Protect Your WordPress Site Against Hackers: Top Tips for Optimal Security

In today’s digital world, website security is more important than ever. WordPress, the most popular content management system (CMS), is often targeted by hackers. Protecting your WordPress site against cyber threats is crucial to safeguard your data, customers, and online reputation. This blog post will share tips to help you secure your WordPress site from
