Threat Post

WordPress XSS Bug Allows Drive-By Code Execution

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote ...
ZDNet

Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent

Critical security issues caused by improper access controls in a WordPress plugin designed for GDPR cookie compliance have been resolved, but hundreds of thousands of websites may still be vulnerable ...
Computing

Hackers exploit cross-site scripting vulnerability in WordPress plugin to attack Mailgun site

On Wednesday, Mailgun's website was hacked as part of a coordinated spray-and-pray hacking campaign that has hit several other WordPress websites in recent months. To carry out the attack, hackers ...
Threat Post

20K WordPress Sites Exposed by Insecure Plugin REST-API

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing ...