Bleeping Computer

WordPress 5.8.3 security update fixes SQL injection, XSS flaws

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. The set includes an SQL ...
Bleeping Computer

Critical flaw in LayerSlider WordPress plugin impacts 1 million sites

The structure of the possible queries limits the attack to time-based blind SQL injection, meaning that the attackers need to observe the response times to infer data from the database.
Threat Post

WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites

The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in. WP Statistics, a plugin installed on more than 600,000 WordPress websites, ...