Website Takeover
Forminator plugin flaw exposes WordPress sites to takeover attacks
The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. The security issue is tracked as CVE-2025-6463 and has a high-severity impact (CVSS 8.8 score). It impacts all versions of Forminator up to 1.44.2. Forminator Forms is a plugin developed by WPMU DEV. It offers a […]
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. LiteSpeed Cache is open-source and the most popular WordPress site acceleration plugin, with over 5 million active installations and support for WooCommerce, bbPress, ClassicPress, and Yoast SEO. The unauthenticated privilege escalation vulnerability (CVE-2024-28000) […]
Sitting Ducks DNS attacks let hackers hijack over 35,000 domains
Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner’s account at the DNS provider or registrar. In a Sitting Ducks attack, cybercriminals exploit configuration shortcomings at the registrar level and insufficient ownership verification at DNS providers. Researchers at DNS-focused security vendor Infoblox […]