Threat Post

Updates Fix PHP-Injection Flaw in Popular WordPress Plugins

A pair of popular WordPress plugins used to help sites cache content have fixed serious vulnerabilities that attackers could exploit simply by including special HTML code in a comment. Both WP Super ...
Bleeping Computer

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. Known as Backup Migration, ...
Dark Reading

Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover

A critical unauthenticated remote control execution (RCE) bug in a backup plug-in that's been downloaded more than 90,000 times exposes vulnerable WordPress sites to takeover — another example of the ...