Hackers hijack WordPress sites to spread malware using fake CAPTCHA

A ClickFix attack can come in all shapes and sizes, including through compromised WordPress websites.
Bleeping Computer

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...
Infosecurity-magazine.com

Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign

A widespread cyber-criminal campaign has compromised legitimate WordPress websites to infect visitors with infostealer malware, threat researchers at Rapid 7 have warned. The global operation has ...

WordPress Releases Updated AI Experiments Plugin

The WordPress AI Experiments plugin is available for download, and contributors continue development toward version 0.5.0. Each update adds tools and refinements that users can test while contributors ...
PCMag

Wikipedia Forced to Lock Down Edits Over JavaScript That Could Delete Pages

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed to delete articles and place Russian text in the edit summary.

Hackers exploiting WordPress membership plugin bug to create admin accounts

A popular WP plugin can be abused to take over websites and thousands of sites are vulnerable.