Bleeping Computer

Zero-Day in WordPress Plugin Exploited to Create Admin Accounts

A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially ...
The Hindu

Hackers target critical vulnerability in WordPress plugin to compromise websites: Report

Hackers are using a critical vulnerability in the WP Automatic, a plugin used by more than 30,000 websites in WordPress. The vulnerability is being exploited to create user accounts with ...