新浪网

新型 WordPress 恶意软件曝光:伪装成安全工具,管理员权限瞬间沦陷

IT之家 5 月 1 日消息,科技媒体 bleepingcomputer 昨日(4 月 30 日)发布博文,报道了一种针对 WordPress 网站的新型恶意软件,伪装成安全工具插件,诱导用户下载并安装。 Wordfence 研究团队警告称,该恶意软件能赋予攻击者持续的访问权限,允许他们执行远程代码并 ...
ZDNet

PHP Everywhere code execution bugs impact thousands of WordPress websites

Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in ...
Bleeping Computer

Over 90 WordPress themes, plugins backdoored in supply chain attack

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. In total, threat actors compromised 40 themes and 53 ...
The Droid Guy

How to Identify Which WordPress Plugin or Theme Is Blocking Your PHP Update and Preventing ...

If you’ve logged into your WordPress dashboard and seen the warning that your site is running on PHP 7.4.33, you’re not alone. This outdated version no longer receives security updates, which makes ...