Bleeping Computer

Vulnerability in AMP for WP Plugin Allowed Admin Access to WordPress

A vulnerability for the very popular AMP for WP WordPress plugin with a 100 thousand active installations allows any registered user to escalate their privileges to gain administrative access to the ...
Bleeping Computer

WordPress migration add-on flaw could lead to data breaches

All-in-One WP Migration, a popular data migration plugin for WordPress sites with 5 million active installations, suffers from unauthenticated access token manipulation that could allow attackers to ...
Searchenginejournal.com

WordPress Easy WP SMTP Plugin Vulnerability

Popular WordPress plugin Easy WP SMTP plugin, with over 500,000 active installations, just patched a vulnerability that allows an attacker to take control of a site. The flaw in the WordPress plugin ...
Threat Post

Critical WordPress Plugin Flaw Grants Admin Access to Any Registered Site User

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website. Another day, another critical WordPress plugin vulnerability.
ZDNet

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...
Searchenginejournal.com

Mullenweg Disgusted & Sickened As WP Engine Regains Access

WP Engine regained control of their Advanced Custom Forms plugin and login access to WordPress.org. Matt Mullenweg responded by expressing that he is “disgusted and sickened.” Mullenweg tweeted about ...
Threat Post

WordPress WP Live Chat Support Plugin Fixes XSS Flaw

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites. For the second time this month a patch has been ...