有研究人员披露，黑客目前正积极利用 WordPress 的 WP Automatic 插件中的一个严重漏洞来创建具有管理权限的用户账户，并植入后门以实现长期访问。 WP Automatic 现已被安装在 30000 多个网站上，让管理员自动从各种在线资源导入内容（如文本、图片、视频），并在 ...

A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database. The vulnerable plugin's ...

A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL-injection attack. A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and ...

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. The set includes an SQL ...

A bug discovered in WordPress allows attackers to trigger an SQL injection attack leading to complete website hijacking. The vulnerability was discovered in the WordPress content management system ...

WordPress has patched three security flaws including a cross-site scripting (XSS) vulnerability and SQL injection problem which could lead to the creation of new vulnerabilities. Last week, the ...

Popular search engine optimization plugin, SEO by Yoast fixed a blind SQL injection vulnerability yesterday that could be exploited to take control of affected sites. SEO by Yoast, a popular search ...