Threat Post

WordPress Fixes Remote Code Execution Flaw With 3.6.1 Release

WordPress has fixed a number of security vulnerabilities, including one that could lead to remote code execution on vulnerable installations. WordPress 3.6.1 is the new, updated release that contains ...
TechRadar

This buggy WordPress plugin allows hackers to lace websites with malicious code

Security researchers have identified a flaw in the Real-Time Find and Replace WordPress plugin that could allow hackers to lace websites with malicious code. The affected plugin affords WordPress ...
Bleeping Computer

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. Known as Backup Migration, ...
Threat Post

WordPress XSS Bug Allows Drive-By Code Execution

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote ...
PC World

WordPress silently fixes dangerous code injection vulnerability

Developers of the widely used WordPress content management system released an update last week, but intentionally delayed announcing that the patch addressed a severe vulnerability. WordPress version ...