Bleeping Computer

Zero-Day WordPress Plugin Vulnerability Used to Add Malicious Redirects

WordPress websites using unpatched Social Warfare installations (v3.5.1 and v3.5.2) are exposed to attacks abusing a stored Cross-Site Scripting (XSS) vulnerability fixed in the 3.5.3 version of the ...
Bleeping Computer

Wordpress Slick Popup Plugin Contains Vulnerable Support Backdoor

Hackers subscribed to WordPress websites running Slick Popup plugin can take over the website by enabling a backdoor administrator account with hardcoded credentials. The vulnerability is active at ...
Threat Post

WordPress WP Live Chat Support Plugin Fixes XSS Flaw

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites. For the second time this month a patch has been ...