Bleeping Computer

Hackers exploit WordPress plugin auth bypass hours after disclosure

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. Users are strongly ...
ZDNet

Large-scale attack tries to steal configuration files from WordPress sites

Hackers have launched a massive campaign against WordPress websites over the past weekend, attacking old vulnerabilities in unpatched plugins to download configuration files from WordPress sites. The ...