Top 50 Most Attacked WordPress Plugins This Week

Last week we shared the top 20 most attacked WordPress themes and an explanation of why many of them are targeted. This week we’ve dug deep into the data and we are publishing the top 50 most attacked WordPress plugins during the past 7 days. The data we’re sharing today is based on the following…

404 to 301 Plugin Considered Harmful

Yesterday we received a site cleaning request where one of our customers was seeing spammy links, Payday Loans in this case, injected into their WordPress website page content. The links were only appearing when the site was visited by a search engine crawler. This is common when a site has been hacked. An extract from the…

Vulnerability in User Role Editor – Users Can Become Admins

There is a major vulnerability in a popular plugin with over 300,000 active installs: User Role Editor 4.24 and older. The vulnerability allows any registered user to gain administrator access. For sites that have open registration, this is a serious security hole. If you are running User Role Editor, upgrade to the newest version, which is 4.25…

A Backdoored WordPress Plugin and 3 Additional Vulnerabilities

We have several plugin vulnerabilities we’d like to bring to your attention this week. First up is a backdoor that was added to the Custom Content Type Manager plugin. The backdoor was added by a malicious coder who gained access to the plugin code in the official WordPress plugin repository. It’s unclear whether the plugin…