Searchenginejournal.com

WordPress LiteSpeed Plugin Vulnerability Affects 4 Million Websites

The popular LiteSpeed WordPress plugin patched a vulnerability that compromised over 4 million websites, allowing hackers to upload malicious scripts. LiteSpeed was notified of the vulnerability two ...
Searchenginejournal.com

Vulnerabilities In WooCommerce And Dokan Pro Plugins

WooCommerce published an advisory about an XSS vulnerability while Wordfence simultaneously advised about a critical vulnerability in a WooCommerce plugin named Dokan Pro. The advisory about Dokan Pro ...
Dark Reading

Gallup Addresses XSS Bugs in Website

Editor's Note: Dark Reading has become aware that a portion of the original Checkmarx research on these vulnerabilities is in dispute, prompting us to retract sections of our reporting below. As ...
Dark Reading

Single HTTP Request Can Exploit 6M WordPress Sites

A WordPress plug-in installed more than 6 million times is vulnerable to a cross-site scripting flaw (XSS) that allows attackers to escalate privileges and potentially install malicious code to enable ...
WeLiveSecurity

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...