Tag Archive for: plugin

Android adware abusing plugin frameworks to promote potentially malicious apps

Android adware has embraced an innovative way to promote potentially malicious apps: abusing Android plugin frameworks.

David Bisson reports.

Graham Cluley

WordPress users warned of plugin flaw being exploited in porn spam attack

Tens of thousands of websites running WordPress are thought to have been put at risk from a vulnerability that hackers have been actively exploiting to inject pornographic spam messages.

Read more in my article on the Hot for Security blog.

Graham Cluley

WordPress Patches Zero Day in WP Mobile Detector Plugin – Threatpost


A WordPress plugin was patched Thursday night, close to a week after reports began to surface of public attacks against a zero-day vulnerability. WP Mobile Detector was pulled from the WordPress Plugin Directory once the attacks went public. It was
WordPress Sites Under Attack from New Zero-Day in WP Mobile Detector Plugin – Softpedia News
Over 10000 WordPress sites vulnerable to exploit – ZDNet
[Security Disclosure] WP Mobile Detector Vulnerability Being Exploited in the Wild – scitech nation (press release) (blog)


Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk

Owners of WordPress-based websites should update the Jetpack plug-in as soon as possible because of a serious flaw that could expose their users to attacks.

Jetpack is a popular plug-in that offers free website optimization, management and security features. It was developed by Automattic, the company behind WordPress.com and the WordPress open-source project, and has over 1 million active installations.

Researchers from Web security firm Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.

The issue is located in the Shortcode Embeds Jetpack module, which allows users to embed external videos, images, documents, tweets and other resources into their content. It can be easily exploited to inject malicious JavaScript code into comments.

Network World Security