Threat Post

Anti-Spam WordPress Plugin Could Expose Website User Data

‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in. An SQL-injection vulnerability ...
TechRadar

Top WordPress anti-spam plugin may actually be putting your site at risk of attack

Researchers found two flaws in a popular WordPress plugin Flaws allow threat actors to install malicious plugins and run arbitrary code A patch is already available, so WordPress users should update ...
Searchenginejournal.com

WordPress Anti-Spam Plugin Vulnerability Hits 200k+ Sites

A flaw in a WordPress anti-spam plugin with over 200,000 installations allows rogue plugins to be installed on affected websites. Security researchers rated the vulnerability 9.8 out of 10, reflecting ...
Threat Post

Rogue WordPress Plugin Allowed Spam Injection

A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites. A popular WordPress plugin called Display Widgets ...
Searchenginejournal.com

WordPress Anti-Spam Plugin Vulnerability Affects Up To 60,000+ Sites

A WordPress anti-spam plugin with over 60,000 installations patched a PHP Object injection vulnerability that arose from improper sanitization of inputs, subsequently allowing base64 encoded user ...
Tennessean

New WordPress Plugin: MUTE Spam Blocker Brings Zero-Code Contact Form Protection to Millions of WordPress Sites

The free plugin is now available on the WordPress Plugin Directory, compatible with Contact Form 7, WPForms, Ninja Forms, and Jetpack Forms — no code required. Contact forms exist for customers — not ...
Bleeping Computer

Hacker Hides Backdoor Inside Fake WordPress Security Plugin

A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO." The attacker was obviously trying to ...