Experts warn of attacks exploiting WordPress gift card plugin

Threat actors are actively exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium WordPress plugin installed by over 50,000 websites. Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium. The YITH WooCommerce Gift Cards Premium plugin allows websites of online stores to […]

Continue Reading

Massive Black hat SEO campaign used +15K WordPress sites

Experts warn of a malicious SEO campaign that has compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals. Since September 2022, researchers from security firm Sucuri have tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. The campaign’s end goal appears to be black hat SEO aimed at […]

Continue Reading

Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin

Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin in attacks aimed at WordPress sites. The WPGateway plugin is a premium plugin that allows users of […]

Continue Reading