Threat Post

Unpatched WordPress Password Reset Vulnerability Lingers

A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a user’s password and in turn, gain access to their account. A zero-day vulnerability exists ...
Bleeping Computer

WordPress Zero-Day Could Expose Password Reset Emails

Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
ZDNet

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...
The Next Web

WordPress.org forces password reset after suspicious plugin activity

After noticing some suspicious commits to popular WordPress plugins today in the main WordPress.org repository, passwords are being reset for all users of WordPress.org, bbPress.org and BuddyPress.org ...