ZDNet

WordPress to show warnings on servers running outdated PHP versions

The WordPress open-source content management system (CMS) will show warnings in its backend admin panel if the site runs on top of an outdated PHP version. The current plan is to have the warnings ...
Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...

Sneeit WordPress RCE flaw allows hackers to add themselves as admin - here's how to stay safe

A critical flaw in a WordPress add-on was recently patched, which allows crooks to add a rogue admin account to the site.
Bleeping Computer

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity Forms is a custom form builder website owners use ...
Searchenginejournal.com

WordPress Security Plugin Exposes +1 Million Websites

The WPS Hide Login WordPress plugin recently patched a vulnerability that exposes users secret login page. The vulnerability allows a malicious hacker to defeat the purpose of the plugin (of hiding ...
Ars Technica

~11,000 sites have been infected with malware that’s good at avoiding detection

Nearly 11,000 websites in recent months have been infected with a backdoor that redirects visitors to sites that rack up fraudulent views of ads provided by Google Adsense, researchers said. All ...