A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners. An easy-to-exploit bug impacting the WordPress plugin ReDi ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

A popular WordPress plugin for privacy compliance with over 800,000 installations recently patched a stored XSS vulnerability that could allow an attacker to upload malicious scripts for launching ...

A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity. The malware is a ...

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. According to Wordfence researchers, the malware ...

A dangerous malware variant disguised as a legitimate WordPress plugin has been uncovered by security researchers. The malware, named “WP-antymalwary-bot.php,” gives attackers persistent access to ...

A critical vulnerability in the WordPress plugin SureTriggers has exposed thousands of websites to remote attacks, allowing unauthenticated users to create administrative accounts. SureTriggers ...

The RocketGenius website served a malicious variant of the Gravity Forms WordPress add-on for a few hours The variant harvested extensive information and allowed for RCE The malware affected only ...

Remember the Apple campaign “There’s an App for That” from 2009? Well, the same principle now applies to WordPress. It doesn’t matter what kind of functionality you’re looking for — enhanced security ...