有研究人员披露，黑客目前正积极利用 WordPress 的 WP Automatic 插件中的一个严重漏洞来创建具有管理权限的用户账户，并植入后门以实现长期访问。 WP Automatic 现已被安装在 30000 多个网站上，让管理员自动从各种在线资源导入内容（如文本、图片、视频），并在 ...

A bug discovered in WordPress allows attackers to trigger an SQL injection attack leading to complete website hijacking. The vulnerability was discovered in the WordPress content management system ...

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. The set includes an SQL ...

A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL-injection attack. A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and ...

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term ...

Duplicate Page is an open source pluginfor WordPress that does just what you think it will do. It duplicates pages. There are over 800,000 installations of the plugin. It will duplicate pages, posts ...

Attackers can exploit a critical SQL injection vulnerability found in a widely used WordPress plug-in to compromise more than 1 million sites and extract sensitive data such as password hashes from ...

Over one million websites running the WordPress content management system are potentially at risk of being hijacked due to a critical vulnerability exposed in the WP-Slimstat plugin. On Tuesday, a ...

WordPress announced it has patched four vulnerabilities that are rated as high as 8 on a scale of 1 to 10. The vulnerabilities are in the WordPress core itself and are due to flaws introduced by the ...