Threat Post

Anti-Spam WordPress Plugin Could Expose Website User Data

‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in. An SQL-injection vulnerability ...
Threat Post

Rogue WordPress Plugin Allowed Spam Injection

A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites. A popular WordPress plugin called Display Widgets ...
Searchenginejournal.com

WordPress Anti-Spam Plugin Vulnerability Hits 200k+ Sites

A flaw in a WordPress anti-spam plugin with over 200,000 installations allows rogue plugins to be installed on affected websites. Security researchers rated the vulnerability 9.8 out of 10, reflecting ...

CleanTalk WordPress Plugin Vulnerability Threatens Up To 200K Sites

CleanTalk WordPress plugin vulnerability affecting up to 200,000 sites could lead to remote code execution by unauthenticated attackers.
TechRadar

Top WordPress anti-spam plugin may actually be putting your site at risk of attack

Researchers found two flaws in a popular WordPress plugin Flaws allow threat actors to install malicious plugins and run arbitrary code A patch is already available, so WordPress users should update ...
Bleeping Computer

Hacker Hides Backdoor Inside Fake WordPress Security Plugin

A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO." The attacker was obviously trying to ...