A massive attack at the end of May targeted the database credentials of some 1.3 million WordPress sites.
Nearly 1 million WordPress sites are being hit by what is likely a single threat actor attempting to inject a redirect into the sites by exploiting a cross site scripting vulnerability.
Hackers are attempting to take over tens of thousands of WordPress sites by exploiting critical vulnerabilities including a zero-day in multiple plugins that allow them to create rogue administrator accounts and to plant backdoors.
Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.
Researchers are warning of an ongoing campaign exploiting vulnerabilities in a slew of WordPress plugins. The campaign is redirecting traffic from victims' websites to a number of potentially harmful locations.
Security researchers are monitoring a new hacking campaign aimed at Joomla and WordPress websites, attackers used .htaccess injector for malicious redirect.
A trio of critical zero-day vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks after a security researcher publicly disclosed the flaws before patches were made available.
WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites.