The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that ...

WordPress plugin backdoor compromises 20,000+ sites through supply chain attack using blockchain evasion tactics and persistent PHP injection.

The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin. While robust passwords help you secure ...

Hackers can now take over WordPress sites instantly using a simple plugin flaw ...

Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says ...

WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch. Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, ...

Another major WordPress plugin was found vulnerable to a high-severity flaw which allowed malicious actors to steal sensitive information from the website, including password hashes. LayerSlider has ...

If your WordPress website is running the Modern Events Calendar plugin, make sure to update immediately, since it carries a high-severity vulnerability that can be abused for full website takeover. To ...

A US-based cyber-security firm has published details about two zero-days that impact two of Facebook's official WordPress plugins. The details also include proof-of-concept (PoC) code that allows ...

WordPress security plugin discovered to have two vulnerabilities that could allow a malicious upload, cross-site scripting and allow viewing of contents of arbitrary files. All-In-One Security (AIOS) ...