VulnHub

Real-time Cybersecurity News

Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites

Security Affairs
CVEExploitVulnerabilityCritical

Overview

A serious SQL injection vulnerability (CVE-2026-2413) has been discovered in the Ally plugin for WordPress, which is currently used on over 400,000 websites. This flaw allows attackers to exploit the plugin without needing any authentication, potentially enabling them to access and steal sensitive data from affected sites. The vulnerability has a CVSS score of 7.5, indicating a high severity level. Security researchers at Acquia, including Drew Webber, identified this issue, raising concerns for site administrators who may not be aware of the risks. It's crucial for users of the Ally plugin to take immediate action to protect their sites from potential attacks.

Key Takeaways

  • Affected Systems: Ally WordPress plugin (CVE-2026-2413), affecting over 400,000 WordPress sites.
  • Action Required: Website administrators should update the Ally plugin to the latest version as soon as a patch is released.
  • Timeline: Newly disclosed

Original Article Summary

An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on […]

Impact

Ally WordPress plugin (CVE-2026-2413), affecting over 400,000 WordPress sites.

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Website administrators should update the Ally plugin to the latest version as soon as a patch is released. In the meantime, users should consider disabling the plugin until a fix is applied to mitigate the risk of exploitation.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Exploit, Vulnerability, and 1 more.

Read Original Article

Related Coverage

Feds Takes Down SocksEscort Proxy Network Used in Global Fraud Schemes

Hackread – Cybersecurity News, Data Breaches, AI and More

Law enforcement agencies in Europe and the United States have successfully dismantled the SocksEscort proxy network, which was built using compromised routers. This network was utilized by cybercriminals for various global fraud schemes, allowing them to mask their online activities. The operation involved cooperation between multiple agencies, highlighting the importance of international collaboration in tackling cybercrime. The disruption of this network is significant as it not only affects the criminals who relied on it but also aims to protect individuals and businesses from the fallout of these fraudulent activities. This incident serves as a reminder of the ongoing threat posed by cybercriminals using compromised infrastructure to conduct illegal operations.

Mar 12, 2026

Iran-linked group claims wiper attack and takedown of medical device maker Stryker

SCM feed for Latest

An Iranian-linked group has claimed responsibility for a wiper attack that targeted the medical device manufacturer Stryker, marking a significant escalation in cyberattacks against U.S. companies since the onset of the Iran conflict on February 28. Wiper malware is designed to erase data and disrupt operations, posing serious risks to critical healthcare infrastructure. Stryker, known for its surgical and medical devices, may face operational challenges as a result of this incident. This attack underscores the increasing use of cyber warfare tactics in geopolitical conflicts, raising concerns about the security of other companies in the healthcare sector and beyond. Organizations are urged to bolster their cybersecurity measures to defend against similar threats.

Mar 12, 2026

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

The Hacker News

A new banking malware known as VENON has been discovered, targeting 33 banks in Brazil. This malware is notable for being written in Rust, which differentiates it from other prevalent malware in the region that typically uses Delphi. It specifically aims to steal user credentials by infecting Windows systems. Researchers first identified VENON last month, raising concerns about its potential impact on Brazilian banking customers. This malware represents an evolving threat in the Latin American cybercrime landscape, and users should be vigilant about their online security.

Mar 12, 2026

Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages

Hackread – Cybersecurity News, Data Breaches, AI and More

Scammers are exploiting security features from Cloudflare to mask fraudulent Microsoft 365 login pages, making it harder for users to identify phishing attempts. This tactic allows attackers to evade detection by antivirus software and security systems, putting sensitive information at risk. Users of Microsoft 365 should be particularly cautious, as these phishing pages can look very convincing and lead to credential theft. The situation emphasizes the need for individuals and organizations to remain vigilant about email security and to double-check URLs before entering personal information. Cybersecurity experts are urging users to enable multi-factor authentication to add an extra layer of protection against such scams.

Mar 12, 2026

Veeam warns of critical flaws exposing backup servers to RCE attacks

BleepingComputer

Veeam Software has issued patches for serious vulnerabilities in its Backup & Replication solution, including four critical remote code execution (RCE) flaws. These vulnerabilities could allow attackers to execute malicious code on affected backup servers, potentially leading to data breaches or system takeovers. Organizations using Veeam's software should prioritize applying these patches to safeguard their systems. The risks are particularly concerning for companies that rely on Veeam for data protection, as failing to address these vulnerabilities could leave sensitive data exposed. This incident serves as a reminder for all users of backup solutions to stay vigilant and ensure their software is up to date.

Mar 12, 2026

Authorities takedown global proxy network SocksEscort

CyberScoop

Authorities have dismantled a global proxy network known as SocksEscort, which had compromised routers and Internet of Things (IoT) devices across 163 countries. This botnet reportedly affected around 369,000 victims and generated approximately $5.8 million in revenue for its cybercriminal operators. The operation's scale demonstrates how widespread such threats can be, as compromised devices can facilitate various cybercrimes, including unauthorized access and data theft. The takedown is a significant step in combating the growing issue of botnets, which can put both individuals and organizations at risk. Users are advised to secure their devices and ensure they are not part of such networks.

Mar 12, 2026