ZDNet

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...
Bleeping Computer

Hackers exploit Modular DS WordPress plugin flaw for admin access

Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass authentication remotely and access the vulnerable sites with admin-level ...
TechRadar

This WordPress plugin grants hackers 'ultimate' admin access to your site

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Thousands of WordPress sites could be at risk as a vulnerability in the Ultimate Member plugin ...
Bleeping Computer

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin ...

Hackers exploiting WordPress membership plugin bug to create admin accounts

A popular WP plugin can be abused to take over websites and thousands of sites are vulnerable.