Hackers are resetting passwords for admin ... can find and view the log," said NinTechNet's Jerome Bruandet. Bruandet says that on sites running vulnerable versions of this plugin, hackers ...

Depending on what kind of server an admin is running, certain plugins might suit their needs better than others. However, some of the most popular options are also the best at management.

Easy WP SMTP, a WordPress plugin for email ... hackers can find and view the log, paving the way for a username enumeration scan. This can allow attackers to find the admin login.

The ASE plugin, with over 100,000 active installations, is designed to enhance WordPress admin workflows. The security flaw originates from the “View Admin as Role” feature, which, when enabled, ...

A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and ...

An attacker can bypass a filter that allows them to amend the wp_capabilities record, making themselves a site admin. Plugin Support team member andrewshu confirmed that versions 2.6.4 ...

The plugin also enforces proactive security by alerting users to common mistakes like using the “admin” user name ... allowing an authorized user (admin+) to view the contents of arbitrary ...

The fix was to ensure that the plugin restricted this ability to those with admin privileges; the change was made in updated version 0.9.97.20 [download] of the plugin. The critical issue with ...

The ACF WordPress plugin is a popular development ... author or contributor level of authentication can access admin level privilege in order to view database information. A changelog is a log ...

More than 200,000 WordPress sites are believed to run this ThemeGrill plugin. Further, in some rare circumstances, attackers could also take over vulnerable sites by hijacking their admin account.