Threat Post

WordPress File Management Plugin Riddled with Critical Bugs

The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution. A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File ...
ZDNet

WordPress File Manager plugin flaw causing website hijack exploited in the wild

The file in question was pulled by third-party dependency elFinder and used as a code reference. An extension added to the file, the rename of connector-minimal.php-dist to connector-minimal.php, was ...
Infosecurity Magazine

Critical WordPress Plugin Bugs Exploited En Masse

Threat actors are attempting to exploit three critical CVEs from 2024 impacting two popular WordPress plugins, according to Wordfence. The security vendor claimed that the bugs affect the GutenKit and ...

This popular WordPress security plugin has a worrying flaw which exposed user data

Security researchers at Wordfence reported a vulnerability in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress. As the name suggests, this plugin allows site owners to scan for ...
Bleeping Computer

PHP Everywhere RCE flaws threaten thousands of WordPress sites

Researchers found three critical remote code execution (RCE) vulnerabilities in the 'PHP Everywhere' plugin for WordPress, used by over 30,000 websites worldwide. PHP Everywhere is a plugin that ...
ZDNet

Large-scale attack tries to steal configuration files from WordPress sites

Hackers have launched a massive campaign against WordPress websites over the past weekend, attacking old vulnerabilities in unpatched plugins to download configuration files from WordPress sites. The ...

WordPress security plugin exposes private data to site subscribers

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability ...