A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to ...

Malware that passes itself off as a WordPress SEO plugin has been infecting sites and opening a backdoor for hackers on thousands of sites. Malware masquerading itself as an SEO plugin called ...

A critical WordPress plugin flaw allows threat actors to run arbitrary PHP commands, potentially taking over entire websites.

Microsoft announced a new partnership today that makes it a lot easier to transfer your OneNote writings over to WordPress. The company has created a WordPress plugin that inserts a OneNote button ...

Updates have been released for UpdraftPlus, a WordPress plugin with over 3 million installations, after a vulnerability was discovered by Jetpack security researcher Marc Montpas. Montpas said the ...

A second vulnerability in a high-profile WordPress plugin has come under active exploitation in the span of a week, ZDNet has learned from WordPress security firm Defiant. Attacks are currently ...

Two vulnerabilities were patched in the Facebook for WordPress Plugin. The exploits could allow a malicious attacker to install backdoors, create administrator level accounts and stage a complete site ...

A backup plugin is essential to keeping data safe in case of cyberattack or server outage, so we've compiled best backup plugins as rated by Wordpress users. WordPress is a capable, flexible, and ...

National Vulnerability Database published a vulnerability advisory about the ShortPixel Enable Media Replace WordPress plugin used by over 600,000 websites. A high severity vulnerability was ...

What makes this now-patched plugin hole especially dangerous is the lack of authentication needed for an attack, which can give the ability to change root/admin passwords.