Critical Privilege Escalation Vulnerability in Essential Addons for Elementor Plugin Affecting Over One Million Sites

Introduction A severe vulnerability has been detected in Essential Addons for Elementor (from 5.4.0 through 5.7.1), a WordPress plugin with over one million active installations. This flaw was patched on May 11, 2023, but due to its severity, we believe it’s essential to raise awareness and ensure all affected users have applied the patch. Details … Read more

Vulnerability fixed in WordPress Elementor Pro plugin – How cPGuard handles it

The vulnerability – High severity vulnerability fixed in WordPress Elementor Pro plugin As many of you are aware already, there is a critical vulnerability reported in the WordPress Elementor Pro plugin, which is installed on millions of websites. Though they have already released a patched version already, there are still many websites left unpatched, and … Read more

Howto detect malware’s with WP-CLI

WP-CLI is the command-line interface for WordPress. You can update plugins, configure multisite installations and much more, without using a web browser. This tool need ssh access to server using it. More information for this tool found their homepage. This tutorial we show how you can detect malware’s in WordPress installation. WP-CLI Installation Depend your … Read more

How to pick a secure WordPress theme

How to pick a secure WordPress theme

When it comes to choosing a WordPress theme, most website creators look for two things in particular: looks and functionality. However, another arguably more important factor that most people overlook is security. Picking a secure WordPress theme is one of the best ways to protect your website from hackers. There are, of course, many ways … Read more

WordPress Easy WP SMTP plugin <= 1.3.9 - Unauthenticated arbitrary - wp_options import vulnerability

Last week, two cybersecurity companies found a Zero-Day vulnerability in WordPress SMTP Plugin. The vulnerability is located in the new import/export functionality added in v1.3.9 of Easy WP SMTP. It lets attackers exploit the lack of capability checks in the plugin’s admin_init hook to alter any values in the wp_options table. Additionally, since the admin_init … Read more

Malware plugin’s to WordPress (woocomerce & aksimet)

Malware Signature Updates

When WordPress website user account compromised, there is possibility upload plugins. We have seen new malware plugins for WordPress which are named with woocomerce and aksimet. These plugins not have anything doing with real plugins, which are woocommerce and akismet. Both of these plugins use WordPress add_action(‘init’,”) function to activate itself and ready take commands … Read more

How to Add Two-Factor Authentication in WordPress

Wordpress Two-Factor authentication plugins

Have you noticed that sites like Facebook and Google now give you the ability to add two-factor authentication to enhance security? Well now you can add to two-factor authentication to your WordPress site. This ensures maximum security for your WordPress site. In this article, we will show you how to add two-factor authentication to the … Read more

WordPress Two-Factor Authentication Plugins

Wordpress Two-Factor authentication plugins

Most websites are created by using WordPress application because of its user friendly interface and ease of use. Nowadays updates for major web application are released more faster than ever, this situation was due to that hackers are more efficient to break every code for finding any loopholes aggressively. So if any vulnerabilities are reported, … Read more

WordPress GDPR Compliance Plug-in exploited (Privilege Escalation Flaw)

Vulnerability

On the 6th of November 2018, a popular WordPress plugin known as WP GDPR Compliance plugin, which is created to help website owners with GDPR compliance, was found to contain harmful vulnerabilities for privilege escalation that could allow for arbitrary code execution. Hackers have exploited this vulnerability to attack a number of websites. The vulnerability … Read more