Managed Vulnerabilities and Bulletins - 2024 Period

280 Vulnerabilities

  • Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin
22/04 - 28/04

202 Vulnerabilities

  • Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express WordPress Plugin
  • SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin
08/04 - 14/04

173 Vulnerabilities

  • Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin
  • Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin
  • Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core
01/04 - 07/04

375 Vulnerabilities

  • Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin
  • Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin
25/03 - 31/03

89 Vulnerabilities

18/03 - 24/03

159 Vulnerabilities

  • Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin
  • Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin
  • SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin
  • Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin
11/03 - 17/03

72 Vulnerabilities

  • Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins
04/03 - 10/03

77 Vulnerabilities

  • Unauthenticated SQL Injection Vulnerability Patched in Ultimate Member WordPress Plugin
  • Arbitrary File Upload Vulnerability Patched in Avada WordPress Theme
19/02 - 25/02

76 Vulnerabilities

  • SQL Injection Vulnerability Patched in RSS Aggregator by Feedzy WordPress Plugin
  • Privilege Escalation Vulnerability Patched in Academy LMS WordPress Plugin
12/02 - 18/02

95 Vulnerabilities

05/02 - 11/02

122 Vulnerabilities

  • Local File Inclusion Vulnerability Patched in Shield Security WordPress Plugin
  • Researcher for Discovering Vulnerability in Popular Cookie Information Plugin
29/01 - 04/02

52 Vulnerabilities

  • Learn All About WordPress Bug Bounty From A Wordfence Senior Researcher
  • Arbitrary File Deletion Vulnerability Patched in MW WP Form WordPress Plugin
  • The WordPress 6.4.3 Security Update
22/01 - 28/01

84 Vulnerabilities

  • High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin
15/01 - 21/01

67 Vulnerabilities

  • Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin
08/01 - 14/01

85 Vulnerabilities

  • Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin
01/01 - 07/01
Managed Vulnerabilities and Bulletins - 2023 Period
  • Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata
  • PSA: YITH WooCommerce Gift Cards Premium Plugin Exploited in the Wild
  • Eleven Vulnerabilities Patched in Royal Elementor Addons
  • Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells
  • PSA: Your Site Isn’t Hacked By This Bitcoin Scam, Keep the Money
  • Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin
  • High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder
  • All In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched
  • The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure Becoming More Common
  • Weekly WordPress Vulnerability Report for Feb 20-26, 2023
  • PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time
  • WordPress Vulnerability Report for Feb 27th- Mar 5th, 2023
  • Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover
  • WordPress Vulnerability Report for Mar 6th- Mar 12th, 2023
  • Multiple Reflected Cross-Site Scripting Vulnerabilities in Three WordPress Plugins Patched
  • WordPress Vulnerability Report for Mar 13th – Mar 19th, 2023
  • PSA: Update Now! Critical Authentication Bypass in WooCommerce Payments Allows Site Takeover
  • WordPress Vulnerability Report for Mar 20th – Mar 26th, 2023
  • WordPress Vulnerability Report for Mar 27th – Apr 2nd, 2023
  • Update Now! Severe Vulnerability Impacting 600,000 Sites Patched in Limit Login Attempts
  • Privilege Escalation Vulnerability Patched Promptly in WP Data Access WordPress Plugin
  • Hiding in Plain Sight: Cross-Site Scripting Vulnerabilities Patched in Weaver Products
  • Blubrry Addresses Authenticated Stored XSS Vulnerability in PowerPress WordPress Plugin
  • Multiple Vulnerabilities Patched in Shield Security
  • WordPress Core 6.2.1 Security & Maintenance Release – What You Need to Know
  • PSA: Attackers Actively Exploiting Critical Vulnerability in Essential Addons for Elementor
  • WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
  • Credential-Stealing Server Side Request Forgery Patched in Getwid
  • Critical Security Update: Directorist WordPress Plugin Patches Two High-risk Vulnerabilities
  • Tyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce WordPress Plugin
  • StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin
  • Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin
  • miniOrange Addresses Authentication Bypass Vulnerability in WordPress Social Login and Register WordPress Plugin
  • PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited
  • Interesting Arbitrary File Upload Vulnerability Patched in User Registration WordPress Plugin
  • Massive Targeted Exploit Campaign Against WooCommerce Payments Underway
  • WebToffee Addresses Authentication Bypass Vulnerability in Stripe Payment Plugin for WooCommerce WordPress Plugin
  • weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin
  • Threat Actors Using Obfuscation in Attempt to Evade Detection
  • Critical Privilege Escalation Vulnerability in Charitable WordPress Plugin Affects Over 10,000 sites
  • Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin
  • Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin
  • Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
  • Backdoor Masquerading as Legitimate Plugin
  • PSA: Critical Unauthenticated Arbitrary File Upload Vulnerability in Royal Elementor Addons and Templates Being Actively Exploited
  • 4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin
  • Several Critical Vulnerabilities Patched in AI ChatBot Plugin for WordPress
  • Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin
  • PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
  • Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
  • PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2
  • PSA: High Severity File Upload Vulnerability in Elementor Patched
  • Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
Managed Vulnerabilities and Bulletins October-November-December 2022
  • National Cyber Security Awareness Month: You Could Be the Biggest Threat to Your WordPress Site
  • Patch Now: The WordPress 6.0.3 Security Update Contains Important Fixes
  • What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script
  • Missing Authorization Vulnerability in Blog2Social Plugin
  • Russian Hacktivist Group Targets Political Websites with DDOS Attacks
  • Not Just for the Government: Using the NIST Framework to Secure WordPress
  • Configuration Probing: Your Backups Might Be Your Greatest Weakness
  • Spikes in Attacks Serve as a Reminder to Update Plugins
Managed Vulnerabilities and Bulletins July-August-September 2022
  • PSA: Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability
  • Analyzing Attack Data and Trends Targeting Log4j
  • High Severity Vulnerability Patched in Download Manager Plugin
  • Cross-Site Request Forgery Vulnerability Patched in Ecwid Ecommerce Shopping Cart Plugin
  • PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
  • PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild
  • Cross-Site Scripting: The Real WordPress Supervillain
Managed Vulnerabilities and Bulletins May-June 2022
  • Millions of Attacks Target Tatsu Builder Plugin
  • Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
  • Cross-Site Scripting Vulnerability Discovered In Download Manager Plugin
  • PSA: Critical Vulnerability Patched in Ninja Forms WordPress Plugin
Managed Vulnerabilities and Bulletins March-April 2022
  • Reflected Cross-Site Scripting Vulnerability in Header Footer Code Manager Plugin
  • Entering a Higher State of Vigilance – Ukraine Under Attack
  • Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin
  • Ukraine Universities Hacked By Brazilian Via Finland As Russian Invasion Started – And Free Threat Intel for UA sites
  • We’re Now Blocking 10,000 Requests Per Hour in Ukraine From Known Malicious IPs
  • WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
  • Increase In Malware Sightings on GoDaddy Managed Hosting
  • Reflected Cross-Site Scripting Vulnerability in Spam protection, AntiSpam, FireWall by CleanTalk
  • Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin
  • Critical Remote Code Execution Vulnerability in Elementor
  • PHP Object Injection Vulnerability in Booking Calendar Plugin
Managed Vulnerabilities and Bulletins January-February 2022
  • WordPress 5.8.3 Security Release
  • 84,000 WordPress Sites Affected by Three Plugins With The Same Vulnerability
  • Unauthenticated XSS Vulnerability Patched in HTML Email Template Designer Plugin
  • Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution
  • Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin
  • Reflected Cross-Site Scripting Vulnerability Patched in WordPress Profile Builder Plugin
  • Vulnerability in UpdraftPlus Allowed Subscribers to Download Sensitive Backups