Admin
WooCommerce admins targeted by fake security patches that hijack sites
A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a “critical patch” that adds a WordPress backdoor to the site. Recipients that take the bait and download the update are actually installing a malicious plugin that creates a hidden admin account on their website, downloads web shell payloads, and maintains […]
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. LiteSpeed Cache is open-source and the most popular WordPress site acceleration plugin, with over 5 million active installations and support for WooCommerce, bbPress, ClassicPress, and Yoast SEO. The unauthenticated privilege escalation vulnerability (CVE-2024-28000) […]