Shakeel Ali’s Post

DW FAQ - WordPress Plugin - We have created DW FAQ to help you quickly & easily add the Frequently Asked Questions (FAQ) section to your WordPress site. This is a simple but flexible plugin that helps you insert FAQ section via short-code or PHP function. It comes with these fo - read more...https://lnkd.in/dpthdVVp, #accordion #DesignWall #faq #FAQs #frequentlyaskedquestions #wordpressfaq #wordpressfaqplugin #wordpressFAQs #wpFAQplugin

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites https://ift.tt/QZBxjUg Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which allows users to add custom PHP code. It has over 200 active installations. via The Hacker News https://ift.tt/9tSu3Pp May 28, 2024 at 01:30AM

If you use Elementor for WordPress, please update today. A security flaw that allows authenticated attackers, with contributor-level access and above, to delete arbitrary files and inject PHP Objects through the use of a phar wrapper, both of which can lead to remote code execution. https://lnkd.in/erw8SYzq

WordPress Plugin abused to install e-skimmers in e-commerce sites Threat actors are exploiting a WordPress plugin to insert malicious PHP code in e-commerce sites and steal credit card data. Sucuri researchers observed threat actors using a PHP snippet WordPress plugin to install malicious code in WooCommerce e-stores and harvest credit card details. In the campaign spotted by the experts, attackers use a very obscure WordPress plugin called Dessky Snippets, which has only a few hundred active installations at the time of writing. https://lnkd.in/dY4EkcKx

WordPress Bricks Builder Theme 1.9.6 Remote Code Execution: This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.

How to overcome the plugin conflict in the WordPress websites? 1. The first step is to investigate if there is an update available for the plugin or theme that has stopped working. If that is the case, it is recommended to perform the update. 2. If the error persists, the chances of your plugin being incompatible with another plugin or theme is great. 3. Still the same issue with the website means, have to work on the backend php my admin to change the php version. Deactivate each and every plugin step by step and it will resolve the plugin conflict. #woocommerce #wordpress #pluginconflict

WordPress Plugin: Better Search Replace, vulnerability exposed A vulnerability of critical severity was identified and subsequently addressed within the Better Search Replace plugin for WordPress, a plugin boasting more than 1 million active installations on websites. Exploiting this vulnerability successfully could result in a range of adverse outcomes, including arbitrary file deletions, the unauthorised retrieval of sensitive data, and potential code execution. Better Search Replace stands as a widely used WordPress utility that streamlines and automates the execution of search and replace operations within a WordPress website's database. This functionality proves valuable, particularly in tasks related to site or server migrations. Wordfence describes the vulnerability: “ The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input.This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. ” WP Engine has promptly resolved this issue, so if you haven’t already updated this plugin to the newest version, DO IT NOW! #WordPress #WordPresssecurity #WordPressplugins #WordPressupdates #WordPresswebsite ~lf

High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin On December 14th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in File Manager Pro, a WordPress plugin with an estimated 10,000+ active installations. This vulnerability made it possible for authenticated attackers to create a PHP file that could contain malicious content and ...Read More The post High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin appeared first on Wordfence.

Why trust Storyblok's plugins over Wordpress? 👉 Isolated code: In Storyblok, code can't disrupt the system. This is different from WordPress, where one wrong line of PHP can crash the site. The code is isolated in an iframe, away from the main CMS. 👉 CMS-only code: The code stays inside the CMS and doesn't appear on the frontend. This makes it safer from hacking because it's not exposed on the website. 👉 Approved plugins only: Storyblok only allows approved plugins, reducing the risk of problems from badly written plugins. Overall, Storyblok's field type plugin is more modern, secure and reliable compared to WordPress plugins. What do you think? Anything to add?

How to fix the WordFence wordfence-waf.php problem https://lnkd.in/gzcJMAFP If you have migrated WordPress from place to place, and have faced this problem, which means .htaccess file updated by Wordfence plugin is causing the problem. You have to rename the file to something else to make your website is working again. Easy-peasy