Threat Post

PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE

The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said. Tens of ...
Threat Post

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF. Researchers have created a proof-of-concept exploit that would ...
Dark Reading

Critical Site Takeover Flaw Affects 400K WordPress Sites

Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and ...
Bleeping Computer

Security plugin flaw in millions of WordPress sites gives admin access

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

This popular WordPress security plugin has a worrying flaw which exposed user data

Security researchers at Wordfence reported a vulnerability in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress. As the name suggests, this plugin allows site owners to scan for ...

WordPress security plugin exposes private data to site subscribers

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially ...