Bleeping Computer

200K WordPress Sites Exposed to Takeover Attacks by Plugin Bug

A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the ...
ZDNet

Bug in WordPress plugin can let hackers wipe up to 200,000 sites

WordPress site owners who use commercial themes provided by ThemeGrill are advised to update one of the plugins that come installed with these themes to patch a critical bug that can let attackers ...