Searchenginejournal.com

WPBakery WordPress Vulnerability Lets Attackers Inject Malicious Code

An advisory was issued for the popular WPBakery plugin that’s bundled in thousands of WordPress themes. The vulnerability enables authenticated attackers to inject malicious scripts that execute when ...
Searchenginejournal.com

WordPress Developer Publishes Code To Block Mullenweg’s Web Hosting Clients

A prolific WordPress plugin publisher who has created over three dozen free plugins has released code that other plugin and theme publishers can use to block client’s of Matt Mullenweg’s WordPress.com ...
Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
Dark Reading

'Etherhiding' Blockchain Technique Masks Malicious Code in WordPress Sites

A threat actor has been abusing proprietary blockchain technology to hide malicious code in a campaign that uses fake browser updates to spread various malware, including the infostealers RedLine, ...