Bleeping Computer

Hackers tried to steal database logins from 1.3M WordPress sites

A large scale attack targeted hundreds of thousands of WordPress websites over the course of 24 hours, attempting to harvest database credentials by stealing config files after abusing known XSS ...

WordPress security plugin exposes private data to site subscribers

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability ...