Due to the current market situation, we unfortunately have to increase some domain extensions prices, as other providers have already done. Domain name renewals will experience a small annual increase (up to 10% from current price). These price increases apply (currently) only for “domain renewals”. Details: https://www.globe.lu/en/domain/
The vulnerability (CVE-2024-12365) is rated with a threat level of “high”. Details https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery https://www.heise.de/news/WordPress-Plug-in-W3-Total-Cache-Potenziell-1-Millionen-Websites-attackierbar-10246228.html
Please remove – delete the Fancy Product Designer Plugin plugin! This plugin suffers from Unauthenticated Arbitrary File Upload, where users can upload arbitrary files including PHP files to the server, resulting in a Remote Code Execution (RCE). The second vulnerability is Unauthenticated SQL Injection which allows any users to execute arbitrary SQL queries in the database of the WordPress site. Details: https://patchstack.com/articles/critical-vulnerabilities-found-in-fancy-product-designer-plugin/ https://www.heise.de/news/Zero-Day-Luecke-bedroht-WordPress-Plug-in-Fancy-Product-Designer-10233192.html
Important note regarding increasing cyber attacks! Due to war-related cyber attacks on western communication infrastructure, unpredictable disruptions, failures and sabotage currently occur anywhere. These cyber attacks (including phishing emails) have reached an extremely high level and are hard to defend effectively against these masses. Please ONLY use secure passwords, keep your CMS (WordPress, Joomla etc.) always up to date and do not open any phishing […]
The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wpforms_is_admin_page’ function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions Details: https://www.wordfence.com/blog/2024/12/6000000-wordpress-sites-protected-against-payment-refund-and-subscription-cancellation-vulnerability-in-wpforms-wordpress-plugin/ german: Wordpress: WPForms-Plug-in reißt Sicherheitsleck in 6 Millionen Webseiten! Im WordPress-Plug-in WPForms können […]
Das ist seit Ende August bereits die dritte riskante Sicherheitslücke in Litespeed Cache, die die zahlreichen damit ausgestatteten WordPress-Instanzen in Gefahr bringt. Details: https://www.heise.de/news/Wordpress-Plug-in-Abermals-gravierende-Sicherheitsluecke-in-Litespeed-Cache-9975165.html
AI Website Builder, now available for all new and existing shared hosting customers starting from 0 EUR. Tired of WordPress, Joomla or other complicated CMS? Then take a look at our new website builder. Professional website builder: – AI support – 200+ templates (responsive) – Multilingual pages – E-commerce shop functions – Website import Many Plugins Type: Blog, E-commerce, Landing Basic: Button, Languages, Layout, Form, […]
WordPress has announced that two-factor authentication (2FA) for plugin and theme authors will be enforced. From October 1, 2024, plug-in and theme developers must activate two-factor authentication (2FA) in their account. Activation is mandatory. details: https://www.heise.de/en/news/WordPress-2FA-becomes-mandatory-for-plug-in-and-theme-developers-9865702.html german: https://www.heise.de/news/WordPress-2FA-wird-verpflichtend-fuer-Plug-in-und-Theme-Entwickler-9865670.html
Critical Account Takeover Vulnerability in LiteSpeed Cache Plugin! The plugin suffers from an unauthenticated account takeover vulnerability which allows any unauthenticated visitor to gain authentication access to any logged-in users and at worst can gain access to an Administrator level role after which malicious plugins could be uploaded and installed. english: https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin/ german: https://www.heise.de/news/WordPress-Plug-in-LiteSpeed-Cache-erneut-angreifbar-9859538.html
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. Details: https://www.wordfence.com/blog/2024/08/1000000-wordpress-sites-protected-against-unique-remote-code-execution-vulnerability-in-wpml-wordpress-plugin/ german: https://www.heise.de/news/Wordpress-1-Million-Webseiten-nutzen-verwundbares-Plug-in-WPML-9848419.html
As of 01/09/2024 price of .com will see a small increase and starting 02/09/2024 price of 18 other domain extensions will experience a small increase (up to 10% from current price).
The LiteSpeed Cache plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.3.0.1. This is due to the plugin not properly restricting the role simulation functionality allowing a user to set their current ID to that of an administrator, if they have access to a valid hash which can be found in the debug logs or through brute force. […]
Modern Events Calendar plugin for WordPress – Update NOW! The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site’s server which may make remote […]
If you have any of these plugins installed, you should consider your installation compromised and immediately go into incident response mode. social warfare blaze widget wrapper link elementor contact form 7 multi step addon simply show hooks Details: https://www.wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins/ https://www.heise.de/news/Wordpress-Fuenf-Plug-ins-mit-Malware-unterwandert-9777207.html
Eine Lücke in Outlook-Konten soll das Fälschen von Absenderadressen ermöglichen – unter Umgehung von Verifizierungsmechanismen wie DMARC. Details: https://www.heise.de/news/Wirrungen-um-Luecke-Absender-Faelschung-in-Outlook-9770291.html
Microsoft legt Windows Mail und Kalender lahm, auch alte Webbrowser werden ausgesperrt. Worin die Einschränkungen genau bestehen, nennt Microsoft in der Übersicht nicht. Medienberichten zufolge soll jedoch die Fähigkeit zum Mail-Empfang und -Versand abgewürgt werden. Es lassen sich demzufolge alte Mails und Einträge nur noch lesend ansehen. Als Zeitplan nennt Microsoft, dass die Verstümmelung der Software Mitte Juli starten und bis Ende September 2024 beendet […]
In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases. Details: https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/ Update german: https://www.golem.de/news/jetzt-bei-have-i-been-pwned-milliarden-von-zugangsdaten-auf-telegram-entdeckt-2406-185711.html
Since we are currently receiving too many phishing emails and calls (fake requests), unverified phone and email Support requests can currently not be processed. Therefore, please send us a verified support request over your customer account Login > Open Ticket. Since we cannot determine the identity and authorization of a caller by phone, unfortunately no questions about account details can be answered by phone for […]
Critical security vulnerability in WordPress plugin Layerslider – Please Update NOW! The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries […]
Hackers Stole Microsoft Source Code Details: https://www.heise.de/news/Russische-Angreifer-klauen-Quellcode-von-Microsoft-9650468.html Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/