Security News > 2024 > January > Over 150k WordPress sites at takeover risk via vulnerable plugin
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.
Based on statitics from wordpress.org, there are roughly 150,000 sites that run a vulnerable version of the plugin that is lower than 2.8.
WordPress fixes POP chain exposing websites to RCE attacks.
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks.
Over 1,450 pfSense servers exposed to RCE attacks via bug chain.
Fake WordPress security advisory pushes backdoor plugin.