Threat Post

WordPress Plugin Bug Lets Subscribers Wipe Sites

The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media. Researchers ...
TechSpot

New zero-day vulnerability in BackupBuddy plugin leaves WordPress users at risk

Why it matters: WordPress plugin developer, iThemes, alerted users to a vulnerability related to their BackupBuddy extension earlier this week. The security hole leaves plugin users susceptible to ...
Searchenginejournal.com

WordPress Site Builder Addon Allegedly Adds “Backdoor” To Disable Websites

A widely used add-on plugin for a popular WordPress site builder installed an anti-piracy script that essentially unpublishes all posts. WordPress developers are livid, with some calling the script a ...