Tagged: wordpress


Many website are using backdoored WordPress Plugins

According to foreign media reports on December 26, 14 WordPress malicious plugin discovered and deleted by the WordPress team in 2014 is still used by hundreds of websites. These malicious plug-ins may allow an attacker to execute...


WordPress <= 4.6.1 RCE via specially crafted .mo language file

Vulnerability Impact Arbitrary code execution with the following two conditions: An attacker can upload your own configuration language file, or the file containing the language themes, plug-ins folder Website attacker constructs using good language...