Awesome Motive’s WPForms plugin has patched a Missing Authorization to Payment Refund and Subscription Cancellation vulnerability. This issue allowed authenticated attackers with Subscriber-level access or higher to refund Stripe payments and cancel subscriptions without proper authorization. Wordfence reports that “The WPForms plugin for WordPress is vulnerable to unauthorized modification of data …
Google Chrome Vulnerability Exploited by North Korean Hackers, Microsoft Warns
Microsoft recently detected a North Korean cyber group, Citrine Sleet, exploiting a security vulnerability in Chromium-based browsers, including Google Chrome. This flaw allowed attackers to execute malicious code on compromised devices. Citrine Sleet used advanced tactics, such as fake cryptocurrency websites, to conduct their attacks. North Korean Cyber Group Citrine Sleet Exploits Chromium Zero-Day Vulnerability […]
Remote Code Execution Vulnerability Patched in WPML WordPress Plugin
The popular WordPress Multilingual plugin, WPML, which is installed on over 1,000,000 websites, has patched a Remote Code Execution (RCE) vulnerability (CVE-2024-6386) that researchers have classified as “Critical,” with a CVSS score of 9.9. Users are strongly advised to update their websites to the patched version, WPML 4.6.13. Security researcher …
Record Bounty Awarded as Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin
The LiteSpeed Cache Plugin, widely used to enhance the speed and performance of WordPress websites, recently patched a critical unauthenticated privilege escalation vulnerability (CVE-2024-28000). With over 5 million active installations, this plugin is a critical tool for many WordPress users. John Blackbourn, a member of the Patchstack Alliance community, reported the …
Critical Vulnerability Patched in GiveWP Plugin
GiveWP, a popular donation plugin for WordPress, has patched an unauthenticated PHP Object Injection to Remote Code Execution vulnerability that could be exploited to execute arbitrary code remotely and delete files. This plugin from the Liquid Web family of products has 100k+ active installs. villu164 (Villu Orav) reported the vulnerability through the Wordfence …