Bleeping Computer

Zero-Day in WordPress Plugin Exploited to Create Admin Accounts

A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially ...

WordPress Anti-Malware Plugin Flaw Exposes 100K Sites To An Alarming Security Threat

A new threat in is the wild affecting sites that run WordPress, a popular content management system. Wordfence, a company that focuses on security research in the WordPress ecosystem, is reporting ...
ZDNet

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...
Hosted on MSN

Millions of attacks hit WordPress websites - here's how to make sure you stay safe

Unpatched GutenKit and Hunk Companion plugins exploited in mass WordPress attacks Attackers use ‘up’ plugin to gain admin access and deploy malware Wordfence blocked 8.7 million attempts in 48 hours; ...
SecurityWeek

Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover

Many websites exposed to account takeover due to a critical vulnerability in the email delivery WordPress plugin Post SMTP.
CSO Online

WordPress plugin hole enables account takeover

What makes this now-patched plugin hole especially dangerous is the lack of authentication needed for an attack, which can ...