The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin. While robust passwords help you secure ...

The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that ...

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The campaign has been ...

A US-based cyber-security firm has published details about two zero-days that impact two of Facebook's official WordPress plugins. The details also include proof-of-concept (PoC) code that allows ...

WordPress security plugin discovered to have two vulnerabilities that could allow a malicious upload, cross-site scripting and allow viewing of contents of arbitrary files. All-In-One Security (AIOS) ...

WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch. Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, ...

Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says ...

All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them ...

The WPS Hide Login WordPress plugin recently patched a vulnerability that exposes users secret login page. The vulnerability allows a malicious hacker to defeat the purpose of the plugin (of hiding ...