CSOonline

WordPress 0-day content injection vulnerability

Today news broke of a particularly nasty zero day vulnerability in the WordPress REST API. The vulnerability in this case would allow for content injection as well as privilege escalation. This ...
Searchenginejournal.com

Better Search Replace WordPress Vulnerability Affects Up To +1 Million Sites

A critical severity vulnerability was discovered and patched in the Better Search Replace plugin for WordPress which has over 1 million active website installs. Successful attacks could lead to ...
Threat Post

1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure

WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability. Attackers have taken a liking to a content-injection ...
Searchenginejournal.com

Loginizer WordPress Vulnerability Affects +1 Million Sites

WordPress Loginizer Plugin has issued a security patch for a vulnerability that could allow a hacker to modify a database through an Unauthenticated SQL Injection exploit. This kind of exploit, also ...
Threat Post

WordPress Patches Serious Shortcodes Core Engine Vulnerability

WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes. WordPress core engine security ...