Threat Post

WP Live Chat WordPress Plugin Re-Patches File Upload Flaw

After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued. A WordPress plugin vulnerability found in WP Live Chat could allow an attacker ...
Threat Post

WordPress File Management Plugin Riddled with Critical Bugs

The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution. A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File ...
Bleeping Computer

Critical Forminator plugin flaw impacts over 300k WordPress sites

The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. Forminator by WPMU DEV is a custom ...
Bleeping Computer

Hackers target WordPress calendar plugin used by 150,000 sites

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute ...
ZDNet

WordPress File Manager plugin flaw causing website hijack exploited in the wild

The file in question was pulled by third-party dependency elFinder and used as a code reference. An extension added to the file, the rename of connector-minimal.php-dist to connector-minimal.php, was ...