MalCare continues to protect its customer sites from all kinds of attacks, even the ones exploiting zero-day vulnerabilities. The recent stored cross-site scripting (XSS) vulnerability found in the WP-Members Membership plugin is yet another example of the proactive protection provided by our robust Atomic Security firewall. The WP-Members XSS vulnerability presents a very high chance…

MalCare’s recent data has revealed numerous attempts to exploit a newly found SQL injection vulnerability in the Icegram Express plugin. Attackers commonly use this sophisticated SQL injection technique to extract data from vulnerable databases. This vulnerability is particularly dangerous because it’s easy to attack—no special permissions or user roles are needed. This means that even…

The recent WordPress core vulnerability is a critical one, primarily because of two reasons. Firstly, it affects the WordPress core itself, which means that every WordPress site is vulnerable to these XSS attacks. Put this in the context of 44% sites on the Internet running on WordPress, and you see the scale of the issue…

In our recent data, we have seen a number of attacks trying to exploit a SQL injection vulnerability, recently discovered in the LayerSlider plugin. This vulnerability is a critical one, considering its low barrier for attacks. Attackers do not need any authorization or elevated user roles to mount such attacks. Moreover, while this particular method…

MalCare blocked more than 11000 attempts to exploit the recently discovered Royal Elementor plugin vulnerability. Our firewall protected sites for over a week before the vulnerability was patched and for more than two weeks before it was disclosed.  This incident is a great showcase of MalCare’s new proactive threat defense capabilities: Atomic Security, which ensures…