Threat Post

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs. Two high-severity vulnerabilities in Post Grid, a WordPress plugin ...
ZDNet

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

Hackers are exploiting a zero-day vulnerability in a WordPress plugin made by ThemeREX, a company that sells commercial WordPress themes. The attacks, detected by Wordfence, a company that provides a ...

WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

A critical WordPress plugin flaw allows threat actors to run arbitrary PHP commands, potentially taking over entire websites.