A critical WordPress plugin flaw allows threat actors to run arbitrary PHP commands, potentially taking over entire websites.

Critical bugs found in the WordPress Database Reset plugin used by over 80,000 sites allow attackers to drop all users and get automatically elevated to an administrator role and to reset any table in ...

King Addons plugin had two critical flaws enabling full WordPress site takeover Bugs allowed unauthenticated file uploads and privilege escalation via registration endpoint Users must update to ...

Updates have been released for UpdraftPlus, a WordPress plugin with over 3 million installations, after a vulnerability was discovered by Jetpack security researcher Marc Montpas. Montpas said the ...

The WordPress developer team is working on adding an auto-update mechanism to themes and plugins, a common source of website hacks, primarily because site owners usually install themes and plugins, ...

A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the ...

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The ...