Threat Post

Anti-Spam WordPress Plugin Could Expose Website User Data

‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in. An SQL-injection vulnerability ...
Threat Post

Rogue WordPress Plugin Allowed Spam Injection

A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites. A popular WordPress plugin called Display Widgets ...
Searchenginejournal.com

WordPress Anti-Spam Plugin Vulnerability Hits 200k+ Sites

A flaw in a WordPress anti-spam plugin with over 200,000 installations allows rogue plugins to be installed on affected websites. Security researchers rated the vulnerability 9.8 out of 10, reflecting ...
Searchenginejournal.com

WordPress Anti-Spam Plugin Vulnerability Affects Up To 60,000+ Sites

A WordPress anti-spam plugin with over 60,000 installations patched a PHP Object injection vulnerability that arose from improper sanitization of inputs, subsequently allowing base64 encoded user ...
TechRadar

Top WordPress anti-spam plugin may actually be putting your site at risk of attack

Researchers found two flaws in a popular WordPress plugin Flaws allow threat actors to install malicious plugins and run arbitrary code A patch is already available, so WordPress users should update ...
Bleeping Computer

Hacker Hides Backdoor Inside Fake WordPress Security Plugin

A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO." The attacker was obviously trying to ...