News

Bleeping Computer

Zero-Day in WordPress Plugin Exploited to Create Admin Accounts

A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially ...
ZDNet

WordPress sites under attack as hacker group tries to create rogue admin accounts

A hacker group is exploiting vulnerabilities in more than ten WordPress plugins to create rogue admin accounts on WordPress sites across the internet. The attacks are an escalation part of a hacking ...
ZDNet

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

Hackers are exploiting a zero-day vulnerability in a WordPress plugin made by ThemeREX, a company that sells commercial WordPress themes. The attacks, detected by Wordfence, a company that provides a ...
GIGAZINE

Malware appears that creates a new administrator account in WordPress and takes over the site

Defiant, which develops the WordPress security plugin Wordfence, has revealed the existence of malware that functions as an advanced backdoor that can perform various tasks while masquerading as a ...
Bleeping Computer

New WordPress backdoor creates rogue admin to hijack websites

A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity. The malware is a ...