WordPress security plugin exposes private data to site subscribers

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability ...
Bleeping Computer

Hackers tried to steal database logins from 1.3M WordPress sites

A large scale attack targeted hundreds of thousands of WordPress websites over the course of 24 hours, attempting to harvest database credentials by stealing config files after abusing known XSS ...