Hackers hijack WordPress sites to spread malware using fake CAPTCHA

A ClickFix attack can come in all shapes and sizes, including through compromised WordPress websites.
Searchenginejournal.com

WordPress Just Locked Down Security For All Plugins & Themes

WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...

WordPress Security Release 6.9.4 Fixes Issues 6.9.2 Failed To Address

WordPress releases an additional security release 6.9.4 to fix vulnerabilities previous update 6.9.2 failed to address ...

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data ...
Bleeping Computer

Fake WordPress security advisory pushes backdoor plugin

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The campaign has been ...
Morocco World News

Morocco Warns of Major Security Vulnerabilities in WordPress Plugins

Morocco’s DGSSI has issued a security bulletin warning about vulnerabilities affecting several WordPress plugins.
Ars Technica

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

WordPress membership plugin bug exploited to create admin accounts

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than ...