GitHub

AkashMadanu/XML-RPC-Server-Side-Request-Forgery_Wordpress_Website

My mentor taught me about various WordPress-related vulnerabilities. That knowledge was the foundation. But then I started exploring deeper. Asking "what else can this do?" That's when I found it. A ...
GitHub

umutsevimcann/wp-brute-pro

Note: WPScan is a vulnerability scanner, WP-BRUTE-PRO is a password tester. They complement each other — use WPScan for CVE detection and WP-BRUTE-PRO for password testing. WPScan and Hydra test ...
Threat Post

Infected WordPress Sites Are Attacking Other WordPress Sites

Researchers identified a widespread campaign of brute force attacks against WordPress websites. WordPress sites are being targeted in a series of attacks tied to a 20,000 botnet-strong army of ...
CSOonline

WordPress pingback abuse blamed for massive DDoS attack

On Monday, Daniel Cid, the CTO of Sucuri, said in a blog post that his company recently mitigated a DDoS attack that leveraged more than 162,000 legitimate WordPress installations. The attack was ...
TechCrunch

Oh no Google supports XML-RPC!

Google has announced it’s opened a ping server for bloggers to ping them directly when you create a new blog entry using the XML-RPC protocol. In order to ping Google directly you simply need to add ...
Computer Weekly

More than 162,000 WordPress sites used in DDoS attack

Security researchers have uncovered a distributed denial of service (DDoS) attack that used more than 162,000 legitimate and unwitting WordPress websites. By sending spoofed web requests that appeared ...