Hackers can now take over WordPress sites instantly using a simple plugin flaw ...

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

A tainted version was pushed as an update to more than 800,000 active websites.

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

WordPress plugin backdoor compromises 20,000+ sites through supply chain attack using blockchain evasion tactics and ...

WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch. Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, ...

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The campaign has been ...

The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin. While robust passwords help you secure ...

WordPress security plugin discovered to have two vulnerabilities that could allow a malicious upload, cross-site scripting and allow viewing of contents of arbitrary files. All-In-One Security (AIOS) ...

A US-based cyber-security firm has published details about two zero-days that impact two of Facebook's official WordPress plugins. The details also include proof-of-concept (PoC) code that allows ...