WordPress Security News & Updates

December WordPress Vulnerability Roundup

WordPress Vulnerability & Patch Roundup December 2023

Sucuri Malware Research Team
December 28, 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer

Ben Martin
December 21, 2023

One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus…

Read the Post

Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign

Denis Sinegubko
December 14, 2023

On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com…

Read the Post

Critical RCE Vulnerability Patched in Backup Migration Plugin

Sucuri Malware Research Team
December 13, 2023

On December 6th, 2023, the WordPress plugin Backup Migration received a critical security patch for a remote code execution vulnerability. Details were released five days…

Read the Post

How to Scan WordPress for Vulnerabilities

WPScan Intro: How to Scan for WordPress Vulnerabilities

Rianna MacLeod
December 12, 2023

In this post, we will look at how to use WPScan as a WordPress vulnerability scanner. This security tool provides you with a better understanding…

Read the Post

November WordPress Vulnerability & Patch Roundup

WordPress Vulnerability & Patch Roundup November 2023

Sucuri Malware Research Team
November 24, 2023

Read the Post

How to Fix the White Screen of Death (WSoD) in WordPress

Troubleshooting WordPress: How to Fix the White Screen of Death (WSoD)

Rianna MacLeod
November 17, 2023

Navigating to your WordPress site only to be met with the White Screen of Death (WSoD) can be a daunting experience. This error denies access…

Read the Post

WordPress Vulnerability & Patch Roundup October 2023

Cesar Anjos
October 30, 2023

Read the Post

How to Secure the WordPress Login Page

Rianna MacLeod
October 24, 2023

Given that WordPress powers millions of websites worldwide, it’s no surprise that it’s a prime target for malicious activities ranging from brute force attacks and…

Read the Post

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins

Denis Sinegubko
October 6, 2023

In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin…

Read the Post

Optimizing WordPress: Security Beyond Default Configurations

Ben Martin
October 3, 2023

Default configurations in software are not always the most secure. For example, you might buy a network-attached home security camera from your friendly neighborhood electronics…

Read the Post