Zero-Day WordPress Plugin Vulnerability Used to Add Malicious Redirects March 22, 2019 https://www.bleepingcomputer.com/ne...ulnerability-used-to-add-malicious-redirects/
Popular Yuzo WordPress Plugin Exploited to Redirect Users to Scams April 10, 2019 https://www.bleepingcomputer.com/ne...-plugin-exploited-to-redirect-users-to-scams/
Mailgun hacked part of massive attack on WordPress sites Spray-and-pray hacking campaign hits Mailgun's WordPress site and redirects users to malicious sites April 10, 2019 https://www.zdnet.com/article/mailgun-hacked-part-of-massive-attack-on-wordpress-sites/
WordPress Yellow Pencil Plugin Flaws Actively Exploited Yet another Wordpress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered April 12, 2019 https://threatpost.com/wordpress-yellow-pencil-plugin-exploited/143729/
A security researcher with a grudge is dropping Web 0days on innocent users Exploits published over the past three weeks exposed 160,000 websites to potent attacks April 13, 2019 https://arstechnica.com/information...udge-is-dropping-web-0days-on-innocent-users/
Exploits in the Wild for WordPress Social Warfare Plugin CVE-2019-9978 April 22, 2019 https://unit42.paloaltonetworks.com...ordpress-social-warfare-plugin-cve-2019-9978/
Flashpoint: Our site was not dishing malware April 23, 2019 https://www.scmagazine.com/home/security-news/flashpoint-our-site-was-not-dishing-malware/ Flash Point: After-Action Report: Flashpoint Remediation of 0-Day Exploit on Our Public-Facing Website
Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts May 15, 2019 https://www.bleepingcomputer.com/ne...live-chat-plugin-lets-hackers-inject-scripts/
Currently Tracking: WordPress Plugin Vulnerabilities Causing Malicious Redirects May 17, 2019 https://www.sitelock.com/blog/tracking-wordpress-plugin-vulnerabilities/
Hackers actively exploit WordPress plugin flaw to send visitors to bad sites May 30, 2019 https://arstechnica.com/information...ss-plugin-flaw-to-send-visitors-to-bad-sites/
Irked Researcher Discloses Facebook WordPress Plugin Flaws Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook June 17, 2019 https://threatpost.com/irked-researcher-discloses-facebook-wordpress-plugin-flaws/145771/
Recent WordPress Vulnerabilities Targeted by Malvertising Campaign July 22, 2019 https://www.wordfence.com/blog/2019...rabilities-targeted-by-malvertising-campaign/
Authenticated XSS Found in WordPress Plugin Facebook Widget July 29, 2019 https://www.securityweek.com/authenticated-xss-found-wordpress-plugin-facebook-widget
WordPress plugins vulnerable to redirects August 27, 2019 https://www.scmagazine.com/home/security-news/cyberattack/wordpress-plugins-vulnerable-to-redirects/
WordPress sites under attack as hacker group tries to create rogue admin accounts Hackers exploit vulnerabilities in more than ten WordPress plugins to plant backdoor accounts on unpatched sites August 30, 2019 https://www.zdnet.com/article/wordp...r-group-tries-to-create-rogue-admin-accounts/ Wordfence: Ongoing Malvertising Campaign Evolves, Adds Backdoors and Targets New Plugins
Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin September 25, 2019 https://www.bleepingcomputer.com/ne...patched-bug-in-rich-reviews-wordpress-plugin/
Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing October 22, 2019 https://threatpost.com/open-redirect-bug-bridge-theme/149437/ Wordfence: Open Redirect Vulnerability Patched In Bridge Theme
WordPress plugin bug lets hackers create rogue admin accounts April 27, 2020 https://www.bleepingcomputer.com/ne...bug-lets-hackers-create-rogue-admin-accounts/ Wordfence: High Severity Vulnerability Patched in Real-Time Find and Replace Plugin
Hackers target WordPress sites running OneTone theme April 28, 2020 https://www.techradar.com/news/hackers-target-wordpress-sites-running-onetone-theme Sucuri: OneTone Vulnerability Leads to JavaScript Cookie Hijacking
KingComposer fixes a reflected XSS impacting 100,000 WordPress sites July 10, 2020 https://securityaffairs.co/wordpress/105749/hacking/kingcomposer-reflected-xss.html Wordfence: XSS Flaw Impacting 100,000 Sites Patched in KingComposer
WordPress plugin bug impacts 1M sites, allows malicious redirects October 28, 2021 https://www.bleepingcomputer.com/ne...-impacts-1m-sites-allows-malicious-redirects/ Wordfence: 1,000,000 Sites Affected by OptinMonster Vulnerabilities