Searchenginejournal.com

WordPress Backup Plugin Vulnerability Affects 5+ Million Websites

A high-severity vulnerability was discovered and patched in the All-in-One WP Migration and Backup plugin, which has over five million installations. The vulnerability requires no user authentication, ...

Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.
TechCrunch

Amazon launches a Polly WordPress plugin that turns blog posts into audio, including podcasts

Amazon today is launching a new Amazon Polly WordPress plugin that gives your blog a voice by creating audio versions of your posts. The resulting audio can be played from within the blog post itself, ...
Bleeping Computer

Security plugin flaw in millions of WordPress sites gives admin access

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...
Search Engine Land

Microsoft releases IndexNow plugin for WordPress

Microsoft Bing has published a new WordPress plugin that makes it easy to integrate your WordPress blog and site with the IndexNow protocol. The plugin was released over the holidays and is available ...
CSOonline

Critical plugin flaw opens over a million WordPress sites to RCE attacks

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.

Attention content creators: your WordPress plugin of choice may have been compromised

Don't blog without the proper protections in place, folks.

WordPress websites under attack — dozens of plugins hijacked to target thousands of sites

A malicious actor found a struggling WordPress plugin company, bought it, and introduced malware to each product.