A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to ...

Malware that passes itself off as a WordPress SEO plugin has been infecting sites and opening a backdoor for hackers on thousands of sites. Malware masquerading itself as an SEO plugin called ...

A critical WordPress plugin flaw allows threat actors to run arbitrary PHP commands, potentially taking over entire websites.

WordPress announced a proposal to take a more proactive approach toward third party plugins in order to improve security and site performance. What is being discussed is a plugin checker that will ...

Two vulnerabilities were patched in the Facebook for WordPress Plugin. The exploits could allow a malicious attacker to install backdoors, create administrator level accounts and stage a complete site ...

Microsoft announced a new partnership today that makes it a lot easier to transfer your OneNote writings over to WordPress. The company has created a WordPress plugin that inserts a OneNote button ...

A second vulnerability in a high-profile WordPress plugin has come under active exploitation in the span of a week, ZDNet has learned from WordPress security firm Defiant. Attacks are currently ...

A popular Wordpress plug-in installed on around 300,000 websites has been compromised with malicious code opening a back door into the websites. Wordpress stumbled across the plug-in and banned it ...

A backup plugin is essential to keeping data safe in case of cyberattack or server outage, so we've compiled best backup plugins as rated by Wordpress users. WordPress is a capable, flexible, and ...

What makes this now-patched plugin hole especially dangerous is the lack of authentication needed for an attack, which can give the ability to change root/admin passwords.