Use XSHM to identify WordPress websites running on internal networks and behind firewalls and also launch a login bruteforce attack on them.

Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, spread across 39,000 unique domains.

In December WordPress 4.7 was released. The most cool part of this release was the inclusion of the WordPress REST API. In development for quite some time it was finally included in core. The WordPress REST API is great for developers because it makes it ...

Owners of sites powered by WordPress can set up a myWidget recommendation plugin for free and offer a personalized selection of their… (more…)

WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affec…...