The Hacker News’ Post

XSS Vulnerabilities Found in WordPress Plugin Slider Revolution - https://lnkd.in/eXAVj6kc #threatintel #slider_revolution #wordpress_security #xss_vulnerability

Do you Know?🤔 Over 90,000 WordPress Sites Exposed Due to Security Flaws in Jupiter X Core Plugin #WordPressSitesExposed #JupiterXCore #Plugins

It is critical to note that threat actors exploit a high-severity vulnerability found in the LiteSpeed Cache plugin for WordPress. They aim to create unauthorized admin accounts on vulnerable websites. Immediate action must be taken to ensure your website is not at risk. https://lnkd.in/e6PNG_Nj

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. — Permalien #vulnérabilité,#wordpress

A popular WordPress plugin “ValvePress Automatic” is being actively exploited by attackers. CVE-2024-27956 (CVSS score = 9.9) is an SQL injection flaw that can allow full site takeovers, versions up to 3.92.0 are vulnerable to the attack with version 3.92.1 resolving the critical flaw. #UpdateNow https://bit.ly/3QnmdYM

A newly discovered vulnerability in the popular LiteSpeed Cache WordPress plugin, installed on over 6 million websites, has left these sites open to a severe cross-site scripting (XSS) attack. This flaw, identified as CVE-2024-47374, allows attackers to execute a single HTTP request to escalate privileges on a WordPress site and potentially install malicious code. The vulnerability was first reported by a security researcher known as “TaiYou” on September 24, 2024, and affects LiteSpeed Cache versions up to 6.5.0.2. Site administrators are urged to update to version 6.5.1 immediately to protect against this risk. Continue Reading. https://lnkd.in/egaSV7_s

LiteSpeed Cache WordPress plugin actively exploited in the wild: Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites. WPScan researchers reported that threat actors are exploiting a high-severity vulnerability in LiteSpeed Cache plugin for WordPress. LiteSpeed Cache for WordPress (LSCWP) is an all-in-one site acceleration plugin, featuring an exclusive server-level cache and a collection […]

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. https://lnkd.in/gJYTMU3P

Another Word Press vulnerability related to plugins. This is a known ValvePress Automatic plugin for WordPress. It can be exploited with SQL injection. This is known as CVE-2024-27956 and has a CVSS score of 9.9. Attackers can gain access to websites, create admin-level user accounts, upload malicious files, and possibly control get control of websites. In the past year, 85 total vulnerabilities were disclosed in the WordPress plugin and theme ecosystem, potentially affecting over 12 million WordPress sites. Other examples were CVE-2024-31211: Unserialization issue in WP_HTML_Token class. CVE-2024-31210: attacker could execute arbitrary PHP code (Remote Code Execution, RCE) https://lnkd.in/gnZyjGXQ