The Hacker News — Most Popular Cyber Security, Hacking News Site: WordPress

Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

June 26, 2018Mohit Kumar
UPDATE— WordPress has released version 4.9.7 to finally patch this vulnerability that could allow remote attackers to gain full control ...
Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites

Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites

December 19, 2017Swati Khandelwal
Buying popular plugins with a large user-base and using it for effortless malicious campaigns have become a new trend for bad actors. ...
WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack

WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack

June 30, 2017Wang Wei
A SQL Injection vulnerability has been discovered in one of the most popular Wordpress plugins, installed on over 300,000 websites, whic...
Thousands of WordPress Sites Hacked Using Recently Disclosed Vulnerability

Thousands of WordPress Sites Hacked Using Recently Disclosed Vulnerability

February 07, 2017Swati Khandelwal
Last week, we reported about a critical zero-day flaw in WordPress that was silently patched by the company before hackers have had thei...
Critical WordPress REST API Bug: Prevent Your Blog From Being Hacked!

Critical WordPress REST API Bug: Prevent Your Blog From Being Hacked!

February 01, 2017Swati Khandelwal
Last week, WordPress patched three security flaws, but just yesterday the company disclosed about a nasty then-secret zero-day vulnerabil...
WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

April 08, 2016Swati Khandelwal
Do you own a custom domain or a blog under the wordpress.com domain name? If yes, then there is good news for you. WordPress is ...
WordPress 4.2.3 Security Update Released, Patches Critical Vulnerability

WordPress 4.2.3 Security Update Released, Patches Critical Vulnerability

July 23, 2015Swati Khandelwal
WordPress has just released the new version of its content management system (CMS), WordPress version 4.2.3 , to fix a critical security...
WordPress Analytics Plugin Leaves 1.3 Million Sites Vulnerable to Hackers

WordPress Analytics Plugin Leaves 1.3 Million Sites Vulnerable to Hackers

February 25, 2015Mohit Kumar
A critical vulnerability has been discovered in one of the most popular plugins of the the WordPress content management platform that pu...
GHOST glibc Vulnerability Affects WordPress and PHP applications

GHOST glibc Vulnerability Affects WordPress and PHP applications

January 29, 2015Swati Khandelwal
After the disclosure of extremely critical GHOST vulnerability in the GNU C library (glibc) — a widely used component of most Linux distri...
Website Backdoor Scripts Leverage the Pastebin Service

Website Backdoor Scripts Leverage the Pastebin Service

January 07, 2015Mohit Kumar
The popular copy and paste website ' Pastebin ' created a decade ago for software developers and even by hackers groups to share...
'SoakSoak' Malware Compromises 100,000 WordPress Websites

'SoakSoak' Malware Compromises 100,000 WordPress Websites

December 14, 2014Swati Khandelwal
The users of WordPress , a free and open source blogging tool as well as content management system (CMS), are being informed of a widesp...
Vulnerability in WPTouch WordPress Plugin Allows Hackers to Upload PHP backdoors

Vulnerability in WPTouch WordPress Plugin Allows Hackers to Upload PHP backdoors

July 15, 2014Mohit Kumar
If you own a mobile version for your Wordpress website using the popular WPtouch plugin, then you may expose to a critical vulnerability...
Disqus Wordpress Plugin Flaw Leaves Millions of Blogs Vulnerable to Hackers

Disqus Wordpress Plugin Flaw Leaves Millions of Blogs Vulnerable to Hackers

June 29, 2014Swati Khandelwal
A Remote code execution (RCE) vulnerability has been discovered in the comment and discussion service, Disqus plugin for the most popul...
Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk

Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk

June 25, 2014Mohit Kumar
Yesterday we learned of a critical Zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousand...
Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

May 31, 2014Wang Wei
Multiple Serious vulnerabilities have been discovered in the most famous ‘ All In One SEO Pack ’ plugin for WordPress, that put millions...
162,000 vulnerable WordPress websites abused to perform DDoS Attack

162,000 vulnerable WordPress websites abused to perform DDoS Attack

March 11, 2014Anonymous
DDoS attacks are a growing issue facing by governments and businesses. In a recent attack, thousands of legitimate WordPress websites h...
DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs

DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs

December 04, 2013Mohit Kumar
In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDOS attacks using previou...
Thousands of Wordpress blogs compromised to perform DDOS attack

Thousands of Wordpress blogs compromised to perform DDOS attack

September 25, 2013Mohit Kumar
There is currently a Mega cyber attack campaign being launched on a large number of WordPress websites across the Internet.  In April, 201...
New Botnet Campaign 'Fort Disco' Brute-Forcing Thousands of WordPress, Joomla Websites

New Botnet Campaign 'Fort Disco' Brute-Forcing Thousands of WordPress, Joomla Websites

August 08, 2013Anonymous
Password theft has been a growing problem within the security community. Researchers at Arbor Networks have uncovered a botnet called Fort D...
Drupal resets 1 Million Passwords after Data Breach

Drupal resets 1 Million Passwords after Data Breach

May 31, 2013Anonymous
A Drupal data breach was announced by the official Drupal Association, that Passwords for almost one million accounts on the Drupal.org we...