The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
Thousands of vulnerable websites need to apply the patch to avoid remote code execution (RCE).
An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites in an attempt to download their configuration files and harvest database credentials.
The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges.
A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors.
The high-severity flaw allows malicious code injection into website pop-up windows.
Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers.
Researchers are urging users of the GDPR Cookie Consent WordPress plugin to update as soon as possible.
Researchers warn users of several plugins to update as vulnerabilities are being actively exploited to redirect website visitor traffic.
An ongoing malvertising campaign is exploiting WordPress plugin vulnerabilities to redirect website visitors to malicious pages.