Hackers can now take over WordPress sites instantly using a simple plugin flaw ...

A tainted version was pushed as an update to more than 800,000 active websites.

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

WordPress security plugin discovered to have two vulnerabilities that could allow a malicious upload, cross-site scripting and allow viewing of contents of arbitrary files. All-In-One Security (AIOS) ...

More than 30 popular WordPress plugins were removed after investigators found backdoors inserted by a new owner following a business sale. The malicious code remained dormant for months before being ...

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...

A severe vulnerability in the widely used Forminator WordPress plugin has been disclosed, exposing websites to the risk of arbitrary file deletion and potential site takeover. The flaw, which affects ...

Do you host your own WordPress website? Do you use the popular All in One SEO Pack plugin? If so, you need to update the plugin as soon as possible to the latest version. The All in One SEO Pack ...

The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin. While robust passwords help you secure ...

This method of entry is commonly executed via your Web browser. Often, the attacked will exploit a flaw in a piece of software, known as a plug-in, upon which your Web browser relies, such as a PDF ...