Bleeping Computer

WordPress REST API Flaw Used to Install Backdoors

Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. On January 26, the WordPress team ...
ZDNet

WordPress: Why we didn't tell you about a big zero-day we fixed last week

WordPress has revealed that last week's security update silently fixed a critical remote code execution bug. WordPress says it kept the vulnerability under wraps for a week to give millions of the ...