Security researchers discovered a hidden HTTP directory that is allowing threat actors to install Shade ransomware on WordPress and Joomla websites.
Researchers discovered a WordPress Exploit in a plugin designed to help site owners comply with the GDPR that enables attackers to take control of admin accounts.
Newly discovered phishing campaigns are targeting WordPress users with malicious emails designed to steal user credentials.
A recent study suggested that small business cybersecurity threats are on the rise, as evidenced by the fact that the average small business website sustained 44 attacks per day during Q4 2017.
With its latest update, WordPress patched a vulnerability that could enable malicious plugin and theme developers to execute SQL injection attacks.
Approximately 200,000 websites running WordPress have been affected by a malware attack that used the Display Widgets plug-in to collect IP addresses.
New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
To protect their WordPress sites from scammers, administrators must proactively patch and monitor their installations to weed out unwanted content.
Cybercriminals have been stealing cookies and using a fraudulent WordPress API to impersonate users and take control of victims' browsing sessions.
Starting with the release of version 7.2 at the end of this year, the core of PHP will use Libsodium by default for routine cryptographical operations.