Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

A hacker group is exploiting vulnerabilities in more than ten WordPress plugins to create rogue admin accounts on WordPress sites across the internet. The attacks are an escalation part of a hacking ...

Attention, WordPress users: If you have a WordPress username set to "admin," change it immediately. That warning was issued Friday by WordPress founder Matt Mullenweg, in the wake of reports that ...

Security researchers confirmed in-the-wild exploitations of the mx-severity flaw, allowing unauthenticated actors gain full admin access on vulnerable sites. Security researchers have confirmed active ...

WordFence disclosed critical RCE flaw (CVE-2025-6389) in Sneeit Framework plugin, affecting versions ≤8.3 Exploitation allows attackers to create admin accounts, install malicious plugins, and hijack ...

Joost de Valk writes that the lack of a unified design system contributes to losing market share to Wix WP Admin console has three user interface designs instead of one like a normal software does ...