A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the ...

A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of ...

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.

A critical security issue found in the Ad Inserter WordPress plugin currently installed on over 200,000 websites allows authenticated attackers to remotely execute PHP code. Ad Inserter is an "ad ...

The bug has been under active attack as a zero-day. A critical vulnerability in a WordPress plugin known as “ThemeREX Addons” could open the door for remote code execution in tens of thousands of ...