New #PHP Exploitation Technique Could Leave Thousand of Websites at Risk of Hacking, Including #WordPress Blogs

https://thehackernews.com/2018/08/php-deserialization-wordpress.html

Critical flaw found in one of the popular Google #AMP (Accelerated Mobile Pages) plugins for #WordPress, installed by more than 100,000+ websites.

https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html

"AMP for WP" patched version 0.9.97.20 has been released – UPDATE NOW

Watch out! Hackers have started exploiting two recently disclosed critical flaws in the 'Social Warfare' plugin for #WordPress.

https://thehackernews.com/2019/04/wordpress-plugin-hacking.html

Although a patched version is available for a month now, thousands of WordPress sites are still using an older version.

During COVID19 pandemic, where many organizations & universities are embracing online learning, researchers discover multiple critical vulnerabilities in 3 widely-used Learning Management System (LMS) plugins for #WordPress sites.

Read more — https://thehackernews.com/2020/04/wordpress-lms-plugins.html

Beware! A critical security flaw (CVE-2023-28121) in the WooCommerce Payments #WordPress plugin is currently being actively exploited by threat actors.

In addition to this, Rapid7 has also discovered ongoing exploitation of Adobe ColdFusion flaws (including CVE-2023-29298), resulting in web shell deployments.

Read details here: https://thehackernews.com/2023/07/cybercriminals-exploiting-woocommerce.html