WordPress plugin with 900k installs vulnerable to critical RCE flaw

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files ...
Searchenginejournal.com

Data Confirms A Surge In WordPress Vulnerabilities

WordPress security researchers at Patchstack published their annual State of WordPress Security whitepaper that showed an increase of high and critical severity vulnerabilities, highlighting the ...
Ars Technica

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...
PC World

Recent WordPress vulnerability used to deface 1.5 million pages

Up to 20 attackers or groups of attackers are defacing WordPress websites that haven’t yet applied a recent patch for a critical vulnerability. The vulnerability, located in the platform’s REST API, ...
Digital Journal

Warning over new WordPress transactions vulnerability

A WordPress plug-in could potentially allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. This poses a potential risk to those who use WordPress for e-commerce. Dr.
Dark Reading

Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy

Attackers are actively exploiting a critical vulnerability in BackupBuddy, a WordPress plug-in that an estimated 140,000 websites are using to back up their installations. The vulnerability allows ...
heise online

WordPress plugins with critical vulnerabilities, some already under attack

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked. Patchstack discusses the details in their advisory. Since last Friday, ...