Tag: plugins
5 articles

Slider Revolution Risky Flaw: Must-Have Patch Guide
A newly disclosed vulnerability in Slider Revolution — found on roughly four million WordPress sites — can expose private files and credentials, so site owners should urgently update or remove bundled copies and scan for signs of unauthorized access. Take immediate steps: apply patches, rotate exposed keys, and use WAF/server rules to block risky endpoints while you audit your sites.

AI browsers Risky: Stunning Security Wake-Up
A new SquareX Labs analysis warns that AI browsers—promising smarter, hands‑free browsing—may open fresh security gaps by blending models, plugins and persistent state, creating new attack surfaces for credential theft and model poisoning. Users and enterprises should treat AI-driven suggestions cautiously and push for stronger sandboxing, permission controls and oversight before convenience outpaces safety.

authentication bypass: Critical, Dangerous Exploit
Thousands of WordPress sites are at risk after a critical authentication bypass (CVE-2025-5947, CVSS 9.8) in the Service Finder theme and bundled Bookings plugin is being actively exploited — attackers can log in as any user, including admins. If you run that theme, update or disable it now, audit for signs of compromise, and restore from clean backups if needed.

WordPress themes and plugins: Risky Must-Have Fix
A routine verification prompt can hide a dangerous trap: attackers are hijacking WordPress themes and plugins to inject stealthy JavaScript that redirects visitors to convincing phishing pages. Keep themes and plugins updated, use strong admin controls and a WAF, and vet all extensions to stop these silent, high-impact compromises before they spread.

Paid Memberships Subscription plugin Urgent Exclusive Risk
A critical unauthenticated SQL injection was found in the Paid Memberships Subscription plugin, putting thousands of WordPress membership sites at risk. If you use the plugin, check your version and apply the patch or disable it now to protect user data and memberships.