The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be storing plaintext passwords from user login attempts in the site’s database. This put account security at risk, as anyone with access to…
Ultimate Member is a WordPress plugin that facilitates user sign-ups and building communities on WordPress sites. It currently has over 200,000 active installations according to its page in the WordPress plugin directory. A zero-day vulnerability in Ultimate Member has been…
A critical security flaw in the miniOrange Social Login and Register plugin for WordPress could allow an attacker to log in as any user, even if they do not know the password. The flaw, which has been assigned the identifier…
A critical security vulnerability has recently been exposed in the widely-used WordPress plugin “Abandoned Cart Lite for WooCommerce,” which is currently installed on over 30,000 websites. This newly discovered flaw has the potential to grant unauthorized access to user accounts…
As of May 2023, an official CVE designation is still pending for a vulnerability in Elementor Pro that allows authenticated users (e.g., standard e-commerce customers) to gain total control of websites running Elementor Pro 3.11.6 or earlier, alongside an activated…
Automattic, the company behind WordPress.com, has announced the launch of Jetpack AI Assistant, an AI writing tool that integrates with the WordPress editor and is also available through the Jetpack plugin. Jetpack AI Assistant can be used to create unlimited…
A vulnerability has been discovered in the WooCommerce Stripe payment gateway plugin that could allow hackers to steal customer personally identifiable information (PII) from stores using the plugin. The vulnerability, which has been rated 7.5 on a scale of 1…