Hackers Target WooCommerce Payments Plugin to Hijack Websites

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Cybercriminals are orchestrating a widespread campaign to exploit a pivotal WooCommerce Payments plugin, thereby acquiring the privileges of various users, including those with administrator statu...

Remote Code Execution (RCE)

worldpress/worldpress is vulnerable to Remote Code Execution RCE. Lack of support for the update URI plugin header allows an attacker to execute arbitrary code via a supply-chain attack against the WordPress installations, when the slug satisfies the naming constraints of the WordPress.org plugin...