According to a recent report, hackers are actively exploiting zero-days in several WordPress plugins.
WordPress is the most popular content management system on the internet, boasting roughly 50-60 percent of the global CMS market.
A recent statistics suggest that over 35 percent of websites on the internet run on various versions of WordPress. The massive number of active installation comes with a significant downside, and that’s security.
Earlier in the year, researchers discovered critical vulnerabilities in WordPress plugins that could affect 400,000 websites. The affected plugins at the time include InfiniteWP Client, WP Time Capsule, and WP Database Reset.
Shortly after, security researchers at Impenetrable.tech found a security flaw in Elementor Page Builder, a plugin with over 3 million installs. The companies involved have since released updates to address these security issues.
Now, recent reports suggest a new set of WordPress hacking campaigns has launched since February, and they appear to be targetting WP plugin flaws.
8 WordPress Plugins that Hackers are Actively Exploiting
Researchers have advised website administrators to update the following WordPress plugins immediately.
Duplicator
Duplicator is one of the most popular plugins on WordPress, with over one million installs. It lets site owners export the content of their sites.
Meanwhile, the vulnerability allows attackers to export a copy of the site. That way, they can extract database credentials and also hijack a WordPress site’s underlying MySQL server.
The bug was patched in version 1.3.28 of the plugin.
Profile Builder
The bug in the profile builder plugin can allow hackers to register an unauthorized account on WordPress sites.
Makers of the plugin patched the bug on February 10. However, attacks didn’t begin until February 24, on the same day that researchers published the proof-of-concept code.
ThemeREX Addons
Security researchers also spotted attacks targeting ThemeRex Addons. It’s a zero-day exploit that allows hackers to create a rogue admin account, and it began on February 18.
Unfortunately, no patch exists for the bug at the moment. So, researchers recommend that website owners remove the plugin as soon as possible.
ThemeGrill Demo Importer
ThemeGrill Demo Importer is a plugin that ships with themes from ThemeGrill — a commercial WP theme vendor.
Right now, over 200,000 sites are using this plugin, and the bug allows attackers to wipe websites that are running the vulnerable version. Under specific conditions, the hacker could even take over the admin account.
With that said, ThemeGrill patched the bug in version 1.6.3 of the plugin.
Flexible Checkout Fields for WooCommerce
Hackers used a zero-day vulnerability to inject XSS payloads that can be triggered in a logged-in administrator’s dashboard. With the XSS payloads in, hackers can create admin accounts on the vulnerable site.
Attacks began back on February 26. However, the plugin developers have since issued a patch.
Other WordPress Plugins
Other plugins with similar zero-day exploit include Async JavaScript, 10Web Map Builder for Google Maps, as well as Modern Events Calendar Lite.
Meanwhile, patches are available for each of them.
hack4techspy Group of Hacker save My Marriage I was a victim of Marriage cheats from my husband without knowing he has a family outside our Marriage and has been spending my money on them I never know he was capable of such but due thou the recently way he starts sneakily around I got suspicious of him and was in need of a Hacker to spy on him without no doubt my suspicious was true. Wizard Hackron Hacker got me proof of his message and calls and the address of other families where he goes frequently if you have such a cheating partner contact him via hack4techspy @gmail com.
Left to me , I’ll say HACKERONE975 @ G MA IL CO M is who helped me find out my husband has been cheating on me, he had this scheme going for months. They gave me access to his mails, social media account (Facebook, Instagram, Whatsapp, Emails, Twitter etc), retrieving deleted text messages and call logs and even track his location. Having doubts in your relationship also? contact him…!!
Left to me , I’ll say { HACKERONE975 @ G MA IL CO M} is who helped me find out my husband has been cheating on me, he had this scheme going for months. They gave me access to his mails, social media account (Facebook, Instagram, Whatsapp, Emails, Twitter etc), retrieving deleted text messages and call logs and even track his location. Having doubts in your relationship also? contact him…!!
BITCOIN RECOVERY MASTER OPTIMISTIC HACKER GAIUS
Have you lost money as a result of shady Bitcoin traders, bogus binary options, or subpar investing platforms? Personally, I will only suggest (OPTIMISTIC HACKER GAIUS). The least I could do for them is this, considering that they recently saved my life by assisting me in retrieving up to 95.4BTC from an internet investment scam in less than two weeks. They helped his husband locate tokens and coins that had been taken as a result of frauds, and I was introduced to them by a coworker. I most surely would have became the victim of another online scammer in their attempt to assist me. I owe a lot to this asset recovery firm because it is so hard to acquire trustworthy help. Do you
Email address…. (optimistichackergaius @ seznam.cz)
WhatsApp: 1 6,0,1 4,6,0 ,9,4,7,7
Website:https: //optimistichackegaius.com
BITCOIN RECOVERY MASTER OPTIMISTIC HACKER GAIUS
Have you lost money as a result of shady Bitcoin traders, bogus binary options, or subpar investing platforms? Personally, I will only suggest (OPTIMISTIC HACKER GAIUS). The least I could do for them is this, considering that they recently saved my life by assisting me in retrieving up to 95.4BTC from an internet investment scam in less than two weeks. They helped his husband locate tokens and coins that had been taken as a result of frauds, and I was introduced to them by a coworker. I most surely would have became the victim of another online scammer in their attempt to assist me. I owe a lot to this asset recovery firm because it is so hard to acquire trustworthy help. Do you
Email address…. (optimistichackergaius @ seznam.cz)
WhatsApp: +1 6,0,1 4,6,0 ,9,4,7,7
Website:https: //optimistichackegaius.com
HOW I RECOVERED MY STOLEN BITCOIN
I’m very excited to speak about Crypto Recovery Expert Hackers, this cyber security company was able to assist me in recovering my stolen digital funds and cryptocurrency. I’m truly amazed by their excellent service and professional work. I never thought I could get back my funds until I approached them with my problems and provided all the necessary information. It took them 72 hours to recover my funds and I was amazed. Without any doubt, I highly recommend Crypto Recovery Expert Hacker for all your cryptocurrency recovery, digital funds recovery, hacking, and cybersecurity-related issues. Contact Email: cryptorecoveryexpert@ post. com
Mail – Cybergenie (AT) Cyberservices (DOT) C O M.
W/App – +1 – 2 – 5 – 2 – 5 – 1 – 2 -0 – 3 – 9 – 1.
W_E_B – Cybergeniehackpro . X Y Z.
To recover lost or stolen Bitcoin and other cryptocurrencies, CYBER GENIE HACK PRO has become the go-to option for individuals and companies. Reliable and efficient recovery services are becoming more and more necessary as the cryptocurrency business expands rapidly. CYBER GENIE HACK PRO distinguishes itself from competitors by employing a group of exceptionally proficient blockchain analysts and cybersecurity specialists who use state-of-the-art forensic methods to track the flow of digital assets, even in the most intricate situations. To increase the likelihood of a successful recovery, their all-encompassing strategy combines rigorous on-chain research, calculated cooperation with law enforcement, and the most recent advancements in crypto tracking technology. Cyber Genie Hack Pro is unique in that they have recovered millions of dollars worth of digital money that was lost or stolen, and it has never wavered in its dedication to maintaining client confidentiality. Throughout the recovery process, clients can be sure that their private information and belongings will be handled with the highest care and secrecy. Cyber Genie Hack Pro offers the know-how and resources to understand the complex world of blockchain transactions and restore lawful cryptocurrency holdings to their owners, regardless of the cause—a hack, a software bug, or a straightforward human error. Cyber Genie Hack Pro, the leading authority on Bitcoin and cryptocurrency recovery, offers priceless comfort to individuals who have been harmed by the inherent dangers of the digital asset ecosystem. I was a sinking boat of lost bitcoin until Cyber Genie Hack Pro rescued me from the boat. Find Cyber Genie Hack Pro via the info above.
Thank you.
Watch very well before you get married to that man or woman why am I saying this? I have passed through hell in the hands of men before I knew people like spyhackelite @gmail com exit when it comes to catching of cheating spouse. Men really dealt with me but after my contact with this hacker I realised that what ever a man tells you should be properly investigated cause most men out there are bunch of lairs am happy with spyhackelite @gmail com I broke into so many men cell phones to really know who they are in the hidden and trust me majority of them are lairs.
All you need is to hire an expert to help you accomplish that. If there’s any need to spy on your partner’s phone. From my experience I lacked evidence to confront my husband on my suspicion on his infidelity, until I came across ETHICALAHCKERS which many commend him of assisting them in their spying mission. So I contacted him and he provided me with access into his phone to view all text messages, call logs, WhatsApp messages and even her location. This evidence helped me move him off my life . I recommend you consult ETHICALHACKERS009 @ gmail.com OR CALL/TEXT +1(716) 318-5536 if you need access to your partner’s phone
Being a scam victim can be depressing, you were given empty promises. They usually stop replying after achieving their aim which hurts even more, i have been there too as I was too ambitious and wanted to get back my lost Btc worth $412,000. I never thought I would be getting back a dime back and already lost hope until I contacted this Verified Crypto Recovery expert which was with a leap of faith, as I wasn’t going to go down without a fight. I was able to recover a significant part of my BTC through these recovery experts. Do not brood alone, make a move too. Write to him on email at ( cryptorecoveryexpert @ post .com )
So many reasons you might need a hacker , could be for crypto recovery, phone hack , upgrade grades and many more. for me , i have tried so many hackers when i needed to know why my partner always come home late and takes late night calls. i tried hiring different hackers but got disappointed not until i met this great expert who i got recommended to by a good friend. within couple of hours i got access to my partner text messages, call recordings, hidden photos, deleted text , whatsApp and many more . thank you so much ( Techspymax @ g(M)ail c 0m )
Hello everyone, my name is Frank Lewis from Boston. I was among those who invested a good amount of money and time into crypto trading and ended up losing it all to a fake crypto scam. I was in huge debt and was going into depression until I came across a page pouring out praises about a Crypto recovery company FIRMWALL CYBER SECURITY COMPANY. At first, I was not fully convinced about their service but after losing more than a million dollars to a crypto scam, I decided to give it a try and see how it went, and to my biggest surprise, FIRMWALL CYBER SECURITY SERVICE was able to recover the crypto funds that was stolen from me. Truly, I’m still in shock about it because I thought I had lost it all. I’m very happy to know there is such a company out there to help scam victims recover their funds. I highly recommend their service to everyone out there who needs the same service.
Their Contact Information: FIRMWALLCYBER@TECHIE . COM
FIRMWALLCYBER.WIXSITE.COM/FIRMWALL
WHATS APP + 1 937 542 066 7
In Need Of a Hacker Urgently! Then i recommend ( SPYRECOVERY36 @ gm ail c om ) for quick responds and quality service. I have been using them for years and they have never dissappointed me. I was scammed some months ago $24,250 for crypto investment. i became a debtor, i tried so many hackers to help me recover my funds but yet i still got scammed by the hackers. None of them could get the job done after i made payment for the service. i was in deep pains not till my cousin suggested i try ( SPYRECOVERY36 @ gm ail c om ) that helped her retrieve her lost files and facebook account. i gave it a thought and texted him, He responded so quick. I told him what i need and in couple of hours after the process the job was done. He helped me recover the complete money that was scammed from me. i feel i haven’t appeciated you the way i should but the best way i can is to post your good works in my life. This is how i met him and he has been the one doing all my jobs for me. You can contact him ( SPYRECOVERY36 @ gm ail c om ) if in such urgent need of a good hacking service. He offers other services like recovery of text messages, photos, gm ail account, password, wallet phrase, upgrade university grade and many more..
Finding your partner cheating isn’t easy. People who cheat are generally smart enough to hide it. Therefore, their partners often spend nights awake wondering if their suspicions are true or not. Luckily today you are going to read about a way through which you can know for sure if your partner is cheating on you. This happens by sending a mail to Jeffreyethicalhacker Don’t worry, you aren’t going to need your partner’s phone in order to see what your partner had been up to. The way I told you worked for me, and it was remotely.
contact him via email;hackrontech @gmail com.
Please beware there are many fake bitcoin mining/clouding out there, I have been a victim once but now a certified blockchain consultant and I know better. The whole plan was so smooth I could not doubt it. Bitcoin is actually a great investment option but one thing I discovered over time is that it is not possible to mine bitcoin so don’t be deceived. I invested $25000 on a particular website called eurekaminingblock, I monitored the profit yielding but was told to open a new blockchain account to receive my payout. A public wallet was imported into the account and I was made to believe that was my profit. The bitcoin was labelled non spendable and it took me 2 years to be able to access it without the knowledge of the company. The non spendable bitcoin is the scam out there now and a lot of people are falling victim of it. I found CM (a recovery expert and trader) on Quora who helped me access a significant part of my investment together with the profit without the knowledge of the company. You can reach him through his email :hackrontech @gmail com
My girlfriend turned down my proposal to get married to her and I wonder why she did what she did not until I came in contact with Techspymax @ gma il com this hacker helped me in hacking into my girlfriend phone and after the hack I found out my girlfriend has been seeing my best friend right at my back. I also saw a-lot of their conversations also….
Being a scam victim can depressing, you were given empty promises. They usually stop replying after achieving their aim with hurts even more, i have been there too as i was too ambitious and wanted financial security which made me invest a huge chunk of my life savings. I never thought i would be getting back a dime back and already lost hope until i contacted a team which was just a leap of faith as i wasn’t going to go down without a fight. CM, a recovery expert that helped me get a significant sum of my investment back. Do not brood alone, make a move too, send a mail to hackrontech @gmail com .
There are lots of fake hackers online and i don’t wish anyone out there should fall victim in there hands, i can only recommend ( HACK4TECHSPY )and he has been doing a great job. can’t write all the good works he has done for me and my friends but his work is Accurate, Quick responds, Quality service and many more. He offer services like access to Facebook chats, WhatsApp messages, Phone texts, call logs, browser history, recover deleted files, chat history, gallery folder, GPS locations, upgrade result, delete criminal record and many more…if in need of any of such service, contact (hack4techspy @gmail com).
WEB BAILIFF CONTRACTORS LEGIT PHONE HACKER
I suspected my wife of 5 years of cheating on me and it turned out she was seeing her high school lover even though we have 2 little children. I hopped on the internet to look for a phone hacker so that I could confirm my fears when I came across Web Bailiff Contractors who has hundreds of reviews as legit phone hackers. I gave them her info and they got back to me me in about 4 hours. You can just search them on google and head on to their website where you can communicate via the chat feature or the contact details displayed.I suspected my wife of 5 years of cheating on me and it turned out she was seeing her high school lover even though we have 2 little children. I hopped on the internet to look for a phone hacker so that I could confirm my fears when I came across Web Bailiff Contractors who has hundreds of reviews as legit phone hackers. I gave them her info and they got back to me me in about 4 hours. You can just search them on google and head on to their website where you can communicate via the chat feature or the contact details displayed
My name is Anderson Gate and I’m a professional photographer who invested in crypto trading and was conned of my hard-earned money by a crypto group. I lost $273,000 worth of Bitcoin to this scam. I was nearly losing my mind when I came across FIRMWALL Cyber Security, an ethical recovery company with professional white hat hackers who were able to assist me in the recovery of my crypto. I’m truly grateful for their service and I recommend their service to everyone who needs to recover their stolen crypto funds.
You can contact them via Email: Firmwallcyber@techie . Com
Telegram: @Firmwallcyber (+1 213 672 4092 )
URL-(https:// firmwallcyber.wixsite.com/firmwall)
My partner hid her affair too well and I had no evidence to prove her infidelity to the court so I had to go back to my friend who I’m grateful for referring me to the review about a private investigator who he worked with on (( HACKERONE975 @ GMAILCOM )), I told them the service I’m needing from them and why I need it. Their services were topnotch which made working with them very easy, they got me everything I needed within few hours and it was amazing. I never knew technology has been so advanced that I can see everything wanted at the tip of my fingers (forgive me I’m not a techie and neither am I good at it), with their exceptional service, I was able to convince my lawyer on why I should get a divorce and start a new life.! This hacker literally saved me. I’m grateful
hackerone975 @ gmail com is your solution when your phone falls victim to hacking. With their expertise in data recovery and advanced detection techniques, they provide a reliable and efficient service to help you regain control of your device and secure your personal information. In today’s digital age, our smartphones hold a plethora of personal and sensitive information, making phone security a top priority. From financial details to personal photos, the data we store on our phones can be valuable and vulnerable. Protecting it from hackers is crucial to maintaining our privacy and preventing potential loss or misuse of our information. hackerone975 @ gmail com is a trusted firm to ensure that you are saved from hackers who are out there to steal
Do you need hackers for hire? Do you need to keep an eye on your spouse by gaining access to their emails? As a parent do you want to know what your kids do on a daily basis on social networks ( This includes facebook, twitter , instagram, whatsapp, WeChat and others to make sure they’re not getting into trouble? Whatever it is, Ranging from Bank Jobs, Flipping cash, Criminal records, DMV, Taxes, Name it, We can get the job done. They are a group of professional hackers with 10 Years experience. Contact at ( hack4wise @gmail com ) … Send an email and Its done. Its that easy, try us out today.
I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact on: hack4wise @gmail com
Being a retiree, I never thought much about digital currencies until a friend introduced me to Bitcoin. I decided to try my hand at mining and airdropping and managed to accumulate a fair amount of coins of various kinds. I saved my decryption key on a USB drive, figuring it was the safest place. I recently found out my coins have appreciated running into hundreds of thousands of Australian Dollars. I was thrilled and ready to cash out. However, when I looked for the USB drive, it was nowhere to be found. I tore my house apart searching for it but to no avail. In desperation, I searched online for a solution and stumbled upon Cyber Genie Hack Pro. They provided a solution to my task which was programming a tool solely for my device, the tool claimed it could recover lost decryption keys. With nothing to lose, I downloaded the tool and followed the clear instructions. The program created by Cyber Genie Hack Pro scanned my computer and sourced out all passwords ever logged in on that system for years. After several hours, it provided a list of potential keys. I was skeptical but tried each one. To my amazement, one of the keys worked, and I could access my Blockchain account again. Thanks to Cyber Genie Hack Pro. I retrieved my coins. This experience has been a huge relief and has given me a new appreciation for technology. I’m now more careful with my important information and have a much brighter financial future.
Email: CyberGenie (@) CyberServices (.) C om.
W/A: + 1 2 5 2 5 1 2 0 3 9 1.