Bleeping Computer

WordPress REST API Flaw Used to Install Backdoors

Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. On January 26, the WordPress team ...
ZDNet

Thousands of WordPress websites defaced through patch failures

Thousands of WordPress domains have been subject to attack through a severe content injection security flaw that many website operators have failed to protect themselves against. The security flaw, a ...
Ars Technica

Researchers find backdoor lurking in WordPress plugin used by schools

Researchers said on Friday that they found a malicious backdoor in a WordPress plugin that gave attackers full control of websites that used the package, which is marketed to schools. Jetpack said it ...