News

Bleeping Computer

Zero-Day in WordPress Plugin Exploited to Create Admin Accounts

A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially ...
Bleeping Computer

WordPress Plugin Bug Can Be Exploited to Create Rogue Admins

Owners of WordPress sites who use the Contact Form 7 Datepicker plugin are urged to remove or deactivate it to prevent attackers from creating rogue admins or taking over admin sessions after ...
ZDNet

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

Hackers are exploiting a zero-day vulnerability in a WordPress plugin made by ThemeREX, a company that sells commercial WordPress themes. The attacks, detected by Wordfence, a company that provides a ...
Searchenginejournal.com

Ultimate Member WordPress Plugin Vulnerability Allows Full Site Takeover

The Ultimate Member WordPress plugin enables publishers to create online communities on their websites. The plugin works by creating a frictionless process for user sign-ups and creation of user ...
Infosecurity-magazine.com

Major WordPress Plugin Flaw Exploited in Under 4 Hours

A critical vulnerability in the WordPress plugin SureTriggers has exposed thousands of websites to remote attacks, allowing unauthenticated users to create administrative accounts. SureTriggers ...
Ars Technica

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...