Threat Post

WordPress WP Live Chat Support Plugin Fixes XSS Flaw

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites. For the second time this month a patch has been ...
Bleeping Computer

Wordpress Slick Popup Plugin Contains Vulnerable Support Backdoor

Hackers subscribed to WordPress websites running Slick Popup plugin can take over the website by enabling a backdoor administrator account with hardcoded credentials. The vulnerability is active at ...
TechCrunch

WordPress.com owner Automattic acquires an ActivityPub plug-in so blogs can join the Fediverse

WordPress.com sites now have an easier way to integrate with the Fediverse, including Mastodon. Automattic, the company behind WordPress.com, Tumblr and other web publishing tools, is the new owner of ...
Bleeping Computer

Backdoor baked into premium school management plugin for WordPress

Security researchers have discovered a backdoor in a premium WordPress plugin designed as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code ...
Arabian Post

Plugin trust crisis hits WordPress

More than 30 WordPress plugins tied to the developer Essential Plugin were taken offline after a hidden backdoor was found in code distributed to live websites, exposing site owners to unauthorised ...