Attackers Compromising Fresh WordPress Installs
Attackers are scanning for new WordPress installations that haven’t been configured yet and compromising them and then using that access to take over entire sites. The attacks have been going on since May and researchers have seen many IP addresses that typically are engaged in other attack campaigns joining in this one, too. Using automated tools, […]
Critical SQL Injection Bug in Plugin Exposes WordPress Sites
Researchers have found a critical SQL injection vulnerability in a popular WordPress plugin used to create photo galleries. The bug in NextGEN Gallery exposes more than a million sites. The vulnerability can be exploited in a couple of different ways, and researchers at Sucuri, who discovered the weakness, say that an attacker could use it […]
Details Emerge of Severe WordPress Content Injection Flaw
WordPress has revealed the details of a critical privilege escalation vulnerability that the company fixed in a security release last week. The bug was part of a major upgrade for WordPress, but the details of the flaw hadn’t come out until now because the company was working with hosting providers and security firms to put […]