News

Imagine discovering that your WordPress site, which should be secure and under strict control, has suddenly become accessible to unauthorized users who have the same administrative powers as you. This nightmare scenario was recently made possible for users of the popular User Registration plugin, which suffered from a critical privilege escalation vulnerability. This breach meant […]

MalCare continues to protect its customer sites from all kinds of attacks, even the ones exploiting zero-day vulnerabilities. The recent stored cross-site scripting (XSS) vulnerability found in the WP-Members Membership plugin is yet another example of the proactive protection provided by our robust Atomic Security firewall. The WP-Members XSS vulnerability presents a very high chance […]

ManageWP is a popular name in the WordPress maintenance plugins market. People love how much you get for a free plan, how easy it is to set up, and how intuitive the dashboard is. Unfortunately, that is where the good news ends.  Once we started to test them, we were quickly looking for ManageWP’s alternatives. […]

MalCare’s recent data has revealed numerous attempts to exploit a newly found SQL injection vulnerability in the Icegram Express plugin. Attackers commonly use this sophisticated SQL injection technique to extract data from vulnerable databases. This vulnerability is particularly dangerous because it’s easy to attack—no special permissions or user roles are needed. This means that even […]

The recent WordPress core vulnerability is a critical one, primarily because of two reasons. Firstly, it affects the WordPress core itself, which means that every WordPress site is vulnerable to these XSS attacks. Put this in the context of 44% sites on the Internet running on WordPress, and you see the scale of the issue […]