A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially ...

A popular WordPress vulnerability has been found carrying a critical vulnerability which allowed hackers to attack websites, steal sensitive data, and even force them offline. The vulnerability, ...

A popular WordPress quiz plugin can be abused to mount SQL injection attacks ...

The Yellow Pencil Visual Theme Customizer plugin was removed on Monday from the WordPress.org repository because of a privilege escalation bug which would have allowed potential attackers to update ...

The U.S government National Vulnerability Database (NVD) published warnings of vulnerabilities in five WooCommerce WordPress plugins affecting over 135,000 installations. Many of the vulnerabilities ...

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials. Attackers were spotted targeting ...

Why it matters: WordPress plugin developer, iThemes, alerted users to a vulnerability related to their BackupBuddy extension earlier this week. The security hole leaves plugin users susceptible to ...

Security researcher Jason A. Donenfeld has revealed a security hole in a popular WordPress plugin that could be used to obtain sensitive data from an affected site. The flaw was discovered in W3 Total ...