有研究人员披露，黑客目前正积极利用 WordPress 的 WP Automatic 插件中的一个严重漏洞来创建具有管理权限的用户账户，并植入后门以实现长期访问。 WP Automatic 现已被安装在 30000 多个网站上，让管理员自动从各种在线资源导入内容（如文本、图片、视频），并在 ...

A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL-injection attack. A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and ...

More than one million different WordPress sites may be vulnerable to a critical plugin issue that could lead to SQL injections and in turn, total site takeover. More than one million WordPress sites ...

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. The set includes an SQL ...

WordPress has patched three security flaws including a cross-site scripting (XSS) vulnerability and SQL injection problem which could lead to the creation of new vulnerabilities. Last week, the ...

In a nutshell: Many WordPress plugins are designed to enhance the content management system's ability to quickly and easily share content from almost anywhere on the internet. But one popular ...

A bug discovered in WordPress allows attackers to trigger an SQL injection attack leading to complete website hijacking. The vulnerability was discovered in the WordPress content management system ...

Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing ...