Bleeping Computer

Over 6,000 WordPress sites hacked to install plugins pushing infostealers

WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. Over the past couple of years, information-stealing ...
Bleeping Computer

Hackers exploit WordPress plugin auth bypass hours after disclosure

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. Users are strongly ...