Bleeping Computer

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) ...
Bleeping Computer

Hackers abuse WordPress MU-Plugins to hide malicious code

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security ...
Infosecurity-magazine.com

New PhishWP Plugin Enables Sophisticated Payment Page Scams

A newly identified WordPress plugin called PhishWP has been used by cybercriminals to create fake payment pages mimicking legitimate services like Stripe, enabling the theft of sensitive financial and ...
Searchenginejournal.com

WordPress Contact Form 7 Redirection Plugin Vulnerability Hits 300k Sites

A vulnerability advisory was issued for a WordPress Contact Form 7 add-on plugin that enables unauthenticated attackers to “easily” launch a remote code execution. The vulnerability is rated high (8.8 ...