Threat Post

20K WordPress Sites Exposed by Insecure Plugin REST-API

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing ...
CSOonline

WordPress plugin hole enables account takeover

What makes this now-patched plugin hole especially dangerous is the lack of authentication needed for an attack, which can give the ability to change root/admin passwords. The disclosure of a major ...
Bleeping Computer

Over 150k WordPress sites at takeover risk via vulnerable plugin

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. Last month, ...