Bleeping Computer

New WordPress backdoor creates rogue admin to hijack websites

A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity. The malware is a ...
Bleeping Computer

WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites

A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. Researchers at webscript security company c/side discovered ...
Searchenginejournal.com

Ultimate Member WordPress Plugin Vulnerability Allows Full Site Takeover

The Ultimate Member WordPress plugin enables publishers to create online communities on their websites. The plugin works by creating a frictionless process for user sign-ups and creation of user ...