Bleeping Computer

Vulnerability in AMP for WP Plugin Allowed Admin Access to WordPress

A vulnerability for the very popular AMP for WP WordPress plugin with a 100 thousand active installations allows any registered user to escalate their privileges to gain administrative access to the ...
ZDNet

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...
Dark Reading

WordPress Hackers Exploit Username 'Admin'

Attention, WordPress users: If you have a WordPress username set to "admin," change it immediately. That warning was issued Friday by WordPress founder Matt Mullenweg, in the wake of reports that ...