Popular WordPress redirect plugin hid dormant backdoor for years

The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that ...
Threat Post

WordPress XSS Bug Allows Drive-By Code Execution

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote ...