Hackers can now take over WordPress sites instantly using a simple plugin flaw ...

A tainted version was pushed as an update to more than 800,000 active websites.

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the ...

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says ...

According to WPZOOM, there are over 70,000 plugins for WordPress. Seventy. Thousand. Plugins were supposed to make building and maintaining websites easier. And while they might well do that, they ...

WordPress security plugin discovered to have two vulnerabilities that could allow a malicious upload, cross-site scripting and allow viewing of contents of arbitrary files. All-In-One Security (AIOS) ...

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...

WordPress announced a proposal to take a more proactive approach toward third party plugins in order to improve security and site performance. What is being discussed is a plugin checker that will ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Shana Dacres-Lawrence explains the complex ...