Security

Researchers at Defiant authored the popular Wordfence security solution for WordPress users and they have detected a massive campaign that has seen hackers actively scanning for websites employing the Kaswara Modern WPBakery Page Builder plugin.

The plugin was recently abandoned by the creative team behind it before receiving a patch for a critical security flaw.

Do you own and manage a WordPress site either personally or as part of your business?  Do you also use the Tatsu plugin which offers a powerful suite of in-browser editing features and has been installed by more than 100,000 users worldwide?

If so, be aware that there is a serious security flaw in the plugin, and you should update right away to minimize your risk.

Millions of people around the world have leveraged the awesome power of WordPress to build their sites.  Whether for personal or business use, WordPress has the flexibility and functionality to create just about any type of site you can dream of.

A large part of this flexibility comes from the power of plugins, but that’s the problem.  With thousands of plugins available, there are lots of opportunities for hackers.

Do you have a WordPress site?  Do you use the PHP Everywhere plugin?

If so, you’re not alone.  More than 30,000 site owners have installed it.  It’s an excellent plugin that dramatically enhances websites using it, because it allows webmasters to place PHP pretty much anywhere on the page to display dynamic web content.

The WP HTML Mail plugin has been installed on more than 20,000 websites. If you’ve built a WordPress site for your business and you use that plugin,  be aware that you are at risk.  A high severity security flaw was recently discovered in the plugin that could allow an attacker to perform a code injection style attack that allows the attacker to send phishing emails to the site’s registered users.