CYBER Threat Intelligence Reports


CVE-2024-2771: Unauthenticated Attackers Can Hijack 400K+ WordPress Sites via Fluent Forms Bug

A critical vulnerability (CVE-2024-2771) in the Fluent Forms WordPress plugin, affecting over 400,000 sites, allows unauthenticated attackers to gain administrative access, leading to potential website…

Read more >

CVE-2024-3368: Vulnerability in All in One SEO Plugin Threatens Millions of WordPress Sites

A critical authenticated stored XSS vulnerability (CVE-2024-3368) has been discovered in the All in One SEO (AIOSEO) WordPress plugin, affecting versions up to 4.6.0. This…

Read more >

CVE-2024-4041: XSS Vulnerability in Yoast SEO Plugin

A critical security vulnerability, designated CVE-2024-4041, has been discovered in the Yoast SEO plugin used on over 5 million WordPress sites. This reflected Cross-Site Scripting…

Read more >

“Mal.Metrica” Malware Rampantly Exploiting WordPress to Compromise Over 17,000 Sites

The Mal.Metrica malware is actively exploiting WordPress vulnerabilities, impacting more than 17,000 sites. This malware deceives users with fake CAPTCHA prompts leading to scam-ridden sites,…

Read more >

XSS Vulnerability in WordPress Core (CVE-2024-4439)

A severe stored Cross-Site Scripting (XSS) vulnerability, CVE-2024-4439, has been discovered in WordPress versions up to 6.5.2, particularly affecting the Avatar block. This vulnerability allows…

Read more >

Widespread Attack on WordPress Sites via LiteSpeed Cache Plugin Exploit (CVE-2023-40000)

Hackers are exploiting a critical vulnerability, CVE-2023-40000, in the LiteSpeed Cache Plugin for WordPress, impacting over 5 million websites. This flaw allows unauthorized administrative account…

Read more >

Cybersecurity Best Practice

Under Cyber Attack?

Fill out the form and we will contact you immediately.