Attackers have set their sights on freshly installed WordPress deployments, taking advantage of administrators who upload the files but never follow through and finish configuring the site.
Researchers at the WordPress security plugin WordFence said Tuesday they observed a significant spike in attacks on WordPress installations from the end of May to mid-June. The biggest increase in scans, roughly 7,500 a day, came on May 30. According to Mark Maunder, the company’s CEO and founder, attackers mounted thousands of scans each day for the URL that new WordPress installations use to set up a site.
Last week, we reported on a critical flaw in WordPress that was silently patched by the company before attackers could get their hands on it and exploit millions of WordPress websites.
To protect those millions of websites and their users, WordPress delayed disclosure of the vulnerability for over a week and worked closely with security companies and hosting providers to roll out the patch, so that the issue was dealt with before it became public. Even after that effort, however, thousands of admins did not bother to update their websites, which remain vulnerable to the critical bug.
Today news broke of a particularly nasty zero-day vulnerability in the WordPress REST API. The vulnerability allows content injection as well as privilege escalation: an unauthenticated attacker can modify essentially any content they see fit. Posts, pages, all fair game.
This is anything but a small issue and, from what I’ve read thus far, trivial for an attacker to exploit. The issue was discovered by a security researcher at Sucuri. For the uninitiated, WordPress is an open source CMS platform that was first introduced to the world in May 2003.
Webmasters still using the deprecated WP Marketplace WordPress plugin should switch to another e-commerce plugin as soon as possible and remove WP Marketplace from their sites in order to avoid having their servers compromised.
The reason for this warning is a security flaw in the plugin: an arbitrary file upload vulnerability that lets an attacker upload files of their choosing to any website where the plugin is installed. Depending on the attacker's skills and the files and exploits they bring, a third party can potentially take over the site's underlying server. Security researchers from White Fir Design discovered the flaw.
Automattic, the company that oversees WordPress and WooCommerce development, has patched a persistent (stored) XSS vulnerability in the WooCommerce e-commerce plugin for WordPress.
The fix matters because the plugin runs on over one million WordPress-powered stores, according to the most recent statistics from the WP Plugin Directory. A security researcher discovered the vulnerability as part of the Summer of Pwnage event, which gathers security researchers from around the globe; this year they set their sights on discovering and reporting security bugs in the WordPress platform.
A Sucuri threat researcher says a "massive" advertising scam campaign is affecting visitors to WordPress sites, injecting backdoors and constantly re-infecting the sites.
Italian security researchers from VoidSec have come across a botnet that was using vulnerable Aethra Internet routers and modems to launch brute-force attacks on WordPress websites.
The incident was uncovered after one of the VoidSec researchers, sifting through his WordPress log file, found a brute-force attack coming from the same IP range. On further investigation, all the IPs belonged to six Internet Service Providers: Fastweb, Albacom, Clouditalia, Qcom, WIND, and BSI Assurance UK, four of which are Italian. What all these networks had in common was Aethra routers.
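The pattern described above, many attempts against the login form coming from different hosts in the same address range, is exactly the shape a per-IP lockout plugin misses. The following is an added example, not code from VoidSec or from the article: it reads combined-format web-server access-log lines, counts POSTs to the login endpoint per /24 (IPv4) or /64 (IPv6), and reports ranges where many distinct hosts share the attempts. The log lines are constructed for the example, the login path is assumed to be the stock `/wp-login.php`, and the thresholds are illustrative.

```python
"""Flag distributed brute-force login attempts against WordPress from one IP range.

Added example, not code from VoidSec or the article. Reads combined-format
access-log lines, counts POSTs to the login path per /24 (IPv4) or /64 (IPv6),
and reports ranges where many distinct hosts share the attempts.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Assumption: the stock login endpoint; sites that rename it need this adjusted.
LOGIN_PATHS = ("/wp-login.php",)

# Constructed sample traffic (RFC 5737 documentation ranges, not real hosts).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Dec/2015:08:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Dec/2015:08:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Dec/2015:08:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Dec/2015:08:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.12 - - [10/Dec/2015:08:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.12 - - [10/Dec/2015:08:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.13 - - [10/Dec/2015:08:01:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.13 - - [10/Dec/2015:08:01:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.14 - - [10/Dec/2015:08:01:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.14 - - [10/Dec/2015:08:01:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.50 - - [10/Dec/2015:08:01:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.51 - - [10/Dec/2015:08:01:11 +0000] "POST /index.php HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2015:08:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2015:08:02:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is garbage and must be skipped, not crash the parser
"""


def source_range(ip_str):
    """Map an address to the /24 (IPv4) or /64 (IPv6) it belongs to."""
    ip = ip_address(ip_str)
    prefix = 24 if ip.version == 4 else 64
    return str(ip_network(f"{ip}/{prefix}", strict=False))


def find_bruteforce_ranges(log_text, min_attempts=10, min_hosts=3, login_paths=LOGIN_PATHS):
    """Return [(range, attempts, distinct_hosts, redirects)] sorted by attempts, descending.

    attempts:       POSTs to a login path from the range.
    distinct_hosts: different source IPs in the range that sent them; many hosts with
                    modest per-host volume is the distributed pattern to look for.
    redirects:      POSTs answered with a 3xx. On stock WordPress a failed login
                    re-renders the form with 200 and a successful one redirects, so
                    redirects from a flagged range are leads for compromised accounts
                    (heuristic; plugins can change this behaviour).
    """
    attempts = defaultdict(int)
    hosts = defaultdict(set)
    redirects = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the whole run
        if m["method"] != "POST" or m["path"].split("?", 1)[0] not in login_paths:
            continue  # only login-form submissions count as attempts
        try:
            rng = source_range(m["ip"])
        except ValueError:
            continue  # hostname instead of an IP literal (resolved logs)
        attempts[rng] += 1
        hosts[rng].add(m["ip"])
        if m["status"].startswith("3"):
            redirects[rng] += 1
    findings = [
        (rng, n, len(hosts[rng]), redirects[rng])
        for rng, n in attempts.items()
        if n >= min_attempts and len(hosts[rng]) >= min_hosts
    ]
    return sorted(findings, key=lambda f: f[1], reverse=True)


if __name__ == "__main__":
    for rng, n, h, r in find_bruteforce_ranges(SAMPLE_LOG):
        print(f"{rng}: {n} login POSTs from {h} hosts, {r} redirect(s) to chase")
```

On the constructed log the single /24 is flagged (10 attempts from 5 hosts) while the lone host sending two POSTs is not; lowering the thresholds surfaces it too, together with its two redirects, which are the first thing to check for a successful login. Keying on the enclosing prefix rather than the individual address is what turns a handful of unremarkable per-host counts into one actionable finding.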
A large number of WordPress websites were compromised in the last two weeks by a new malware campaign spotted in the wild; WordPress has once again been targeted by hackers at scale.
Researchers have detected a malware campaign that aims to reach as many devices as it can by preying on a huge number of WordPress websites. Security researchers call the campaign “VisitorTracker”. It appears to use the Nuclear Exploit Kit, combining hacked WordPress sites, hidden iframes and a number of known and unknown browser exploits.
The WordPress content management system used by millions of websites is vulnerable to two newly discovered flaws that allow attackers to take full control of the web server.
Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings across the Internet. Both vulnerabilities are stored, or persistent, cross-site scripting bugs: they let an attacker inject code into the HTML received by the administrators who maintain the website. Both attacks work by embedding malicious code in the comments section.
The US FBI has released a public service announcement about a large number of websites being exploited and compromised through WordPress plugin vulnerabilities.
The defacements have affected website operations and communication platforms, along with a variety of other domestic and international websites. Although the defacements show a low level of hacking sophistication, they are disruptive and often costly in terms of lost business revenue and the expense of technical services to repair infected systems. The FBI explained what happens when a site is compromised.