Patch this WordPress plugin now, thousands of users warned

A critical vulnerability has been identified in a WordPress plugin installed across more than 80,000 websites.  Discovered by researchers at security firm Wordfence, the bug is present in WordPress plugin wpDiscuz (versions 7.0.0 to 7.0.4), used by administrators to...

Millions of WordPress accounts targeted in major cyberattack

Hundreds of thousands of WordPress websites were targeted over the course of 24 hours in a large scale cyberattack with the aim of harvesting database credentials. The cybercriminals behind the attack were attempting to download the wp-config.php configuration files...

Yet more WordPress plugin flaws undermine website security

The WordFence Threat Intelligence team has discovered two high severity vulnerabilities in SiteOrigin’s plugin Page Builder that can be exploited by hackers to create new admin accounts, plant backdoors and even take over compromised websites. The popular...

Thousands of WordPress sites redirecting users to dangerous domains

Over 900,000 WordPress sites have been targeted in a new attack campaign which aims to redirect visitors to malvertising sites or plant backdoors into a theme’s header if an administrator is logged in. The majority of these attacks appear to be the work of a...