plugin
-
Blog
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) flaws, or create backdoor admin…
Read More » -
Blog
How Electric Car, Plug-In Hybrid, Hybrid Reliability Compare
EVs are battery-powered vehicles that need to be plugged in to charge. As was the case in prior years, newer manufacturers are still struggling to catch up with more established automakers. Both Lucid and Rivian started delivering new cars to owners only in 2021. The Lucid Air is the least-reliable electric sedan, and of brands for which we have sufficient…
Read More » -
Blog
Security plugin flaw in millions of WordPress sites gives admin access
A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin ‘Really Simple Security’ (formerly ‘Really Simple SSL’), including both free and Pro versions. Really Simple Security is a security plugin for the WordPress platform, offering SSL configuration, login protection, a two-factor authentication layer, and real-time vulnerability detection. Its free version alone is used in over four million websites. Wordfence,…
Read More » -
Blog
Electric Vehicles & Plug-In Hybrids Qualifying for Federal Tax Credit
To qualify for a tax credit of up to $7,500, a new EV or eligible plug-in hybrid vehicle (PHEV) must meet certain rules: • A vehicle’s MSRP must not exceed certain limits, so pricey EVs like the GMC Hummer EV, Lucid Air, and Tesla Model S won’t qualify. For SUVs, pickup trucks, and vans, the threshold is $80,000. For sedans,…
Read More » -
Blog
/cdn.vox-cdn.com/uploads/chorus_asset/file/25654314/STK302_WORDPRESS_C.jpg)
WordPress.org’s latest move involves taking control of a WP Engine plugin
WordPress.org has taken over a popular WP Engine plugin in order “to remove commercial upsells and fix a security problem,” WordPress cofounder and Automattic CEO Matt Mullenweg announced today. This “minimal” update, which he labels a fork of the Advanced Custom Fields (ACF) plugin, is now called “Secure Custom Fields.” It’s not clear what security problem Mullenweg is referring to…
Read More » -
Blog
Jeep Grand Cherokee, Wrangler Plug-In Hybrids Recalled for Fire Risk
Vehicles Recalled • Jeep Wrangler 4xe SUVs manufactured between July 1, 2020, and Nov. 16, 2023.• Jeep Grand Cherokee 4xe SUVs manufactured between May 17, 2021, and Nov. 16, 2023. The problem: Separator damage within the high-voltage battery pack may lead to a vehicle fire. Jeep is investigating the root cause of the problem along with Samsung SDI, the battery manufacturer.…
Read More » -
Blog
Malware infiltrates Pidgin messenger’s official plugin repository
The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for both Windows and Linux versions…
Read More » -
Blog
Hackers are exploiting critical bug in LiteSpeed Cache plugin
Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details become public. The security issue is tracked as CVE-2024-28000 and allows escalating privileges without authentication in all versions of the WordPress plugin up to 6.3.0.1. The vulnerability stems from a weak hash check in…
Read More »
