WordPress plugin - Geek Feed

WPForms bug allows Stripe refunds on millions of WordPress sites

December 11, 2024December 11, 2024 geekfeed0Tagged Plugin, Stripe, Website, wordpress, WordPress plugin, WPForms

A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. Tracked under CVE-2024-11205, the flaw was categorized as a high-severity problem due to the authentication prerequisite. However, given that membership systems are available on most sites, exploitation may be fairly […]

2 mins read

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks

August 22, 2024August 22, 2024 geekfeed0Tagged Admin, critical vulnerability, LiteSpeed Cache, Plugin, takeover attacks, Website Takeover, wordpress, wordpress litespeed cache bug, WordPress plugin

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. LiteSpeed Cache is open-source and the most popular WordPress site acceleration plugin, with over 5 million active installations and support for WooCommerce, bbPress, ClassicPress, and Yoast SEO. The unauthenticated privilege escalation vulnerability (CVE-2024-28000) […]

2 mins read