The WordPress Pinterest Automatic plugin (7,000+ installations) fixed a critical vulnerability affecting version 4.14.3 and below that could allow unauthenticated users to take over the website and its database.
A while back, I explained how hackers created hidden admin users after hacking a WordPress blog. In this post, we will see how they upload and hide rogue plugins.
The WooCommerce Dynamic Pricing and Discounts plugin (19,000+ installations) fixed multiple unauthenticated vulnerabilities affecting version 2.4.1 and below.
Did you know the EICAR AV Test file was a program? In this post, we disassemble that 68-byte COM program and analyze its code.
Multiple WordPress plugins were found to be vulnerable to cross-site request forgery (CSRF) attacks.