PC World

Cookies open WordPress accounts to easy hijacking

If you’re a WordPress.com user you’ll want to be extra cautious the next time you’re tempted to whip up a blog post from your local coffee shop. If anyone on the same open connection is using a ...
ZDNet

Hackers are creating backdoor accounts and cookie files on WordPress sites running OneTone

Hackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts. The campaign has ...
Threat Post

Session Hijacking, Cookie-Stealing WordPress Malware Spotted

Researchers spotted a strain of cookie stealing malware, injected into a legitimate JavaScript file, masquerading as a WordPress core domain. Researchers have identified a strain of cookie stealing ...
Ars Technica

Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass

Memo to anyone who logs in to a WordPress.com-hosted blog from a public Wi-Fi connection or other unsecured network: It’s trivial for the script kiddie a few tables down to hijack your site even if it ...
ZDNet

Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent

Critical security issues caused by improper access controls in a WordPress plugin designed for GDPR cookie compliance have been resolved, but hundreds of thousands of websites may still be vulnerable ...
Bleeping Computer

Malware Uses Fake WordPress API Domain to Steal Sensitive Cookies

Security researchers from Sucuri have found hacked WordPress sites that were altered to secretly siphon off cookies for user and admin accounts to a rogue domain imitating the WordPress API. The ...
Bleeping Computer

Hackers target 1.5M WordPress sites with cookie consent plugin exploit

Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active ...