Bleeping Computer

WordPress Zero-Day Could Expose Password Reset Emails

Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
ZDNet

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...
Bleeping Computer

WordPress Plugin Bugs Let Hackers Wipe or Takeover Your Site

Critical bugs found in the WordPress Database Reset plugin used by over 80,000 sites allow attackers to drop all users and get automatically elevated to an administrator role and to reset any table in ...
ZDNet

WordPress plugin vulnerability can be exploited for total website takeover

A WordPress plugin has been found to contain "easily exploitable" security issues that can be exploited to completely take over vulnerable websites. The plugin at the heart of the matter, WP Database ...