Bleeping Computer

200K WordPress Sites Exposed to Takeover Attacks by Plugin Bug

A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the ...
Threat Post

200K WordPress Sites Vulnerable to Plugin Flaw

Developers behind WordPress plugin Code Snippets have issued a patch for the high-severity flaw. A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 ...
Ars Technica

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...
Threat Post

Critical Remote Code Execution Flaw Found in WordPress Plugin

There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads and researchers say the bug could be used by even a low-level attacker ...
Ars Technica

Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets

Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-severity vulnerability that allows complete takeover, researchers said. The vulnerability ...