Tag Archives: WordPress

WordPress: Backdoors in AccessPress Themes and Plugins

WordPress users beware: there are again massive vulnerabilities in WordPress plugins and themes due to a supply chain attack on the provider AccessPress. Hackers have built backdoors into dozens of this provider's plugins and themes to hack the sites …

Posted in Security, Software

WordPress 5.8.3 released

WordPress version 5.8.3 was released on January 6, 2022. This new version fixes 4 security issues that affect WordPress versions between 3.7 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 3.7 have also been updated …

Posted in Software, Update

How to find weak passwords in Active Directory and eliminate them with PowerShell

[Sponsored Post] Weak or compromised passwords are a known gateway for attackers. If you are able to identify which users in Active Directory (AD) are threatened by this, then PowerShell can help to remedy it. However, PowerShell scripts cannot eliminate basic AD deficits; other tools are needed for this.

WordPress: 800,000 websites compromisable by All in One SEO plugin

The popular WordPress plugin All in One SEO has two vulnerabilities (CVE-2021-25036 and CVE-2021-25037), which make the corresponding installations vulnerable. Since the plugin is quite popular, you should get an updated version immediately. Otherwise, the WordPress instance will …

Posted in Security

Heavy attacks on 1.6 million WordPress sites (Dec. 9, 2021)

Security vendor Wordfence's Threat Intelligence team noticed a dramatic increase in attacks targeting vulnerabilities in WordPress instances on December 9, 2021. In the past 36 hours, the Wordfence network has blocked over 13.7 million attacks against four different plugins and several …

Posted in Security

WordPress Plugin Hide My WP with SQL Injection Vulnerability

One of the most popular "security" plugins for WordPress, Hide My WP, has just attracted negative attention due to a fat SQL injection vulnerability. Another bug allows an attacker to simply disable the plugin

Posted in Security, Software

WordPress: Sites hacked via plugin, shows fake ransomware claim (Nov. 2021)

Currently, some operators of WordPress sites are caught on the wrong foot. The affected WordPress instances show a warning that the site is encrypted. A ransom of 0.1 Bitcoin is demanded for decryption. However, the WordPress instance is not encrypted, …

Posted in Security, Software

WordPress 5.8.2 released

The developers released WordPress 5.8.2 on November 10, 2021. This maintenance and security update fixes a security issue and 2 bugs. The changed files are described here. Here in the blogs the update to the new version was executed …

Posted in Security, Software

WordPress and the wintertime trap for scheduled posts

On the night of October 31, 2021, clocks in Europe will be changed back to winter time (standard time). Currently WordPress is still running on daylight saving time. I have now noticed a small problem when scheduling publications. I wanted …

Posted in issue, Software

WordPress: Vulnerability in Ninja Forms Plugin

There is a new vulnerability in the WordPress plugin Ninja Forms that affects all versions up to 3.6.3. An SQL injection is potentially possible via the vulnerability, so that database queries via input fields are conceivable. The plugin provider released …

Posted in Security, Software

WordPress DSGVO Plugin from legalweb.io hacked

The GDPR plugin for WordPress from the provider legalweb.io has been hacked. WordPress installations that have used this plugin are considered compromised. Users are being redirected to malware sites. Here is a brief summary of what I am aware of …

Posted in Security, Software