A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a user’s password and in turn, gain access to their account.

WordPress released version 4.7.3 which patches six vulnerabilities including one that could be chained with the REST API Endpoint vulnerability.

WordPress released version 4.7.3 which patches six vulnerabilities including one that could be chained with the REST API Endpoint vulnerability.

The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.

Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit.

WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability.

WordPress sites slow to update to the recent 4.7.2 security release run the risk of falling victim to a handful of defacement attacks spotted by Sucuri.

WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week

WordPress fixed three security issues, including a XSS and SQL injection, with WordPress 4.7.2 this week.

A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.