Bleeping Computer

Hackers exploit WordPress plugin auth bypass hours after disclosure

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. Users are strongly ...
ZDNet

Large-scale attack tries to steal configuration files from WordPress sites

Hackers have launched a massive campaign against WordPress websites over the past weekend, attacking old vulnerabilities in unpatched plugins to download configuration files from WordPress sites. The ...
Bleeping Computer

WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites

The flaws tracked as CVE-2020-10196 and CVE-2020-10195 allow for unauthenticated stored XSS, configuration disclosure, user data export, and website settings modification. Sygnoos fixed the security ...