ZDNet

Large-scale attack tries to steal configuration files from WordPress sites

Hackers have launched a massive campaign against WordPress websites over the past weekend, attacking old vulnerabilities in unpatched plugins to download configuration files from WordPress sites. The ...
Threat Post

WordPress File Management Plugin Riddled with Critical Bugs

The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution. A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File ...
Threat Post

Active Attacks Target Popular Duplicator WordPress Plugin

When patched last week, the bug affected at least 1 million websites. Zero-day exploits were going on then. Active exploits are targeting a recently patched flaw in the popular WordPress plugin ...
Bleeping Computer

Hackers tried to steal database logins from 1.3M WordPress sites

A large scale attack targeted hundreds of thousands of WordPress websites over the course of 24 hours, attempting to harvest database credentials by stealing config files after abusing known XSS ...
ZDNet

WordPress to add auto-update feature for themes and plugins

The WordPress developer team is working on adding an auto-update mechanism to themes and plugins, a common source of website hacks, primarily because site owners usually install themes and plugins, ...
TechRadar

Patch this WordPress plugin bug, thousands of site owners warned

The Wordfence Threat Intelligence team has discovered two separate vulnerabilities in a popular WordPress plugin used to change how download pages are displayed. The plugin in question is called ...
Searchenginejournal.com

WordPress Update Fiasco

The WordPress development team, in a series of missteps, pushed out a flawed update that made it impossible to install new WordPress sites. They paused the update rollout in an attempt to fix that ...