Threat Post

WordPress XSS Bug Allows Drive-By Code Execution

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote ...
TechRadar

This buggy WordPress plugin allows hackers to lace websites with malicious code

Security researchers have identified a flaw in the Real-Time Find and Replace WordPress plugin that could allow hackers to lace websites with malicious code. The affected plugin affords WordPress ...