The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: WordPress

New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites

New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites

March 14, 2019Swati Khandelwal
If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recom...
Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years

Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years

February 19, 2019Swati Khandelwal
Exclusive — If you have not updated your website to the latest WordPress version 5.0.3, it’s a brilliant idea to upgrade the content man...
Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now

Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now

November 15, 2018Mohit Kumar
A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress th...
Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

June 27, 2018Mohit Kumar
UPDATE— WordPress has released version 4.9.7 to finally patch this vulnerability that could allow remote attackers to gain full control ...
Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites

Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites

December 20, 2017Swati Khandelwal
Buying popular plugins with a large user-base and using it for effortless malicious campaigns have become a new trend for bad actors. ...
WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack

WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack

July 01, 2017Wang Wei
A SQL Injection vulnerability has been discovered in one of the most popular Wordpress plugins, installed on over 300,000 websites, whic...
Thousands of WordPress Sites Hacked Using Recently Disclosed Vulnerability

Thousands of WordPress Sites Hacked Using Recently Disclosed Vulnerability

February 08, 2017Swati Khandelwal
Last week, we reported about a critical zero-day flaw in WordPress that was silently patched by the company before hackers have had thei...
Critical WordPress REST API Bug: Prevent Your Blog From Being Hacked!

Critical WordPress REST API Bug: Prevent Your Blog From Being Hacked!

February 02, 2017Swati Khandelwal
Last week, WordPress patched three security flaws, but just yesterday the company disclosed about a nasty then-secret zero-day vulnerabil...
WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

April 09, 2016Swati Khandelwal
Do you own a custom domain or a blog under the wordpress.com domain name? If yes, then there is good news for you. WordPress is ...
WordPress 4.2.3 Security Update Released, Patches Critical Vulnerability

WordPress 4.2.3 Security Update Released, Patches Critical Vulnerability

July 23, 2015Swati Khandelwal
WordPress has just released the new version of its content management system (CMS), WordPress version 4.2.3 , to fix a critical security...
WordPress Analytics Plugin Leaves 1.3 Million Sites Vulnerable to Hackers

WordPress Analytics Plugin Leaves 1.3 Million Sites Vulnerable to Hackers

February 25, 2015Mohit Kumar
A critical vulnerability has been discovered in one of the most popular plugins of the the WordPress content management platform that pu...
GHOST glibc Vulnerability Affects WordPress and PHP applications

GHOST glibc Vulnerability Affects WordPress and PHP applications

January 30, 2015Swati Khandelwal
After the disclosure of extremely critical GHOST vulnerability in the GNU C library (glibc) — a widely used component of most Linux distri...
Website Backdoor Scripts Leverage the Pastebin Service

Website Backdoor Scripts Leverage the Pastebin Service

January 08, 2015Mohit Kumar
The popular copy and paste website ' Pastebin ' created a decade ago for software developers and even by hackers groups to share...
'SoakSoak' Malware Compromises 100,000 WordPress Websites

'SoakSoak' Malware Compromises 100,000 WordPress Websites

December 15, 2014Swati Khandelwal
The users of WordPress , a free and open source blogging tool as well as content management system (CMS), are being informed of a widesp...
Vulnerability in WPTouch WordPress Plugin Allows Hackers to Upload PHP backdoors

Vulnerability in WPTouch WordPress Plugin Allows Hackers to Upload PHP backdoors

July 15, 2014Mohit Kumar
If you own a mobile version for your Wordpress website using the popular WPtouch plugin, then you may expose to a critical vulnerability...
Disqus Wordpress Plugin Flaw Leaves Millions of Blogs Vulnerable to Hackers

Disqus Wordpress Plugin Flaw Leaves Millions of Blogs Vulnerable to Hackers

June 30, 2014Swati Khandelwal
A Remote code execution (RCE) vulnerability has been discovered in the comment and discussion service, Disqus plugin for the most popul...
Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk

Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk

June 26, 2014Mohit Kumar
Yesterday we learned of a critical Zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousand...
Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

May 31, 2014Wang Wei
Multiple Serious vulnerabilities have been discovered in the most famous ‘ All In One SEO Pack ’ plugin for WordPress, that put millions...
162,000 vulnerable WordPress websites abused to perform DDoS Attack

162,000 vulnerable WordPress websites abused to perform DDoS Attack

March 12, 2014Anonymous
DDoS attacks are a growing issue facing by governments and businesses. In a recent attack, thousands of legitimate WordPress websites h...
DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs

DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs

December 04, 2013Mohit Kumar
In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDOS attacks using previou...
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.