Bleeping Computer

WordPress Zero-Day Could Expose Password Reset Emails

Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
Bleeping Computer

WordPress Plugin Bugs Let Hackers Wipe or Takeover Your Site

Critical bugs found in the WordPress Database Reset plugin used by over 80,000 sites allow attackers to drop all users and get automatically elevated to an administrator role and to reset any table in ...