Critical Vulnerability in GiveWP Plugin Exposes 100,000 Sites
On August 21, 2024, cybersecurity experts sounded alarms over a critical vulnerability (CVE-2024-5932) discovered in the GiveWP WordPress plugin, which impacts over 100,000 sites. With a CVSS score of 10.0, this PHP object injection flaw enables remote code execution, potentially compromising sensitive data and the integrity of affected sites. Organizations using this plugin are urged to patch immediately to prevent exploitation.
In addition to this alarming vulnerability, the month has seen a surge in ransomware attacks, notably against Acadian Ambulance Services, which experienced a breach resulting in the leak of protected health information, and Patelco Credit Union, where personal data for 726,000 customers was compromised due to a RansomHub attack.
Adding to the concerns, a significant data breach at National Public Data has exposed millions of Social Security numbers, raising fears of identity theft. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also warned about actively exploited vulnerabilities in systems like SolarWinds and Ivanti, emphasizing the need for heightened vigilance and robust cybersecurity measures across the industry.