Bleeping Computer

WordPress REST API Flaw Used to Install Backdoors

Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. On January 26, the WordPress team ...
Threat Post

WordPress REST API Bug Could Be Used in Stored XSS Attacks

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks. The recently patched WordPress REST API Endpoint vulnerability is ...
Searchenginejournal.com

WordPress Ninja Forms Vulnerability Exposes Over a Million Sites

Today it was disclosed that the popular WordPress contact form called Ninja Forms patched two vulnerabilities, affecting over 1 million WordPress installations. This represents another in a growing ...

All In One SEO WordPress Vulnerability Affects Over 3 Million Sites

A vulnerability in the AIOSEO plugin affecting up to 3 million installations adds to the six vulnerabilities found in 2025.
Bleeping Computer

Over 67,000 Websites Defaced via Recently Patched WordPress Bug

WordPress sites that haven't been updated to the most recent version, v4.7.2, released last week, are under attack as four hacking groups are conducting mass defacement campaigns. According to web ...
ZDNet

Cybercriminals start cashing in on vulnerable WordPress websites

The abuse of a vulnerability in the WordPress REST API has taken an expected turn -- with the monetization of compromised websites for cyberattackers. The security flaw is a patched vulnerability in ...