PC World

Cookies open WordPress accounts to easy hijacking

If you’re a WordPress.com user you’ll want to be extra cautious the next time you’re tempted to whip up a blog post from your local coffee shop. If anyone on the same open connection is using a ...
Ars Technica

Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass

Memo to anyone who logs in to a WordPress.com-hosted blog from a public Wi-Fi connection or other unsecured network: It’s trivial for the script kiddie a few tables down to hijack your site even if it ...
Bleeping Computer

Malware Uses Fake WordPress API Domain to Steal Sensitive Cookies

Security researchers from Sucuri have found hacked WordPress sites that were altered to secretly siphon off cookies for user and admin accounts to a rogue domain imitating the WordPress API. The ...
Bleeping Computer

WordPress Cookie Consent Plugin Fixes Critical Flaw for 700K Users

Critical bugs found in the WordPress GDPR Cookie Consent plugin used by over 700,000 websites allow potential attackers to delete and change content and inject malicious JavaScript code due to ...
Threat Post

Session Hijacking, Cookie-Stealing WordPress Malware Spotted

Researchers spotted a strain of cookie stealing malware, injected into a legitimate JavaScript file, masquerading as a WordPress core domain. Researchers have identified a strain of cookie stealing ...
ZDNet

Hackers are creating backdoor accounts and cookie files on WordPress sites running OneTone

Hackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts. The campaign has ...
ZDNet

Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent

Critical security issues caused by improper access controls in a WordPress plugin designed for GDPR cookie compliance have been resolved, but hundreds of thousands of websites may still be vulnerable ...