A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data ...

Page Builder by SiteOrigin WordPress plugin vulnerability enables attackers to execute arbitrary server files.

Ally was carrying an SQL injection flaw that allowed data exfiltration.

WordPress releases an additional security release 6.9.4 to fix vulnerabilities previous update 6.9.2 failed to address ...

Up to 20 attackers or groups of attackers are defacing WordPress websites that haven’t yet applied a recent patch for a critical vulnerability. The vulnerability, located in the platform’s REST API, ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

Attackers are actively exploiting a critical vulnerability in BackupBuddy, a WordPress plug-in that an estimated 140,000 websites are using to back up their installations. The vulnerability allows ...

A WordPress plug-in could potentially allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. This poses a potential risk to those who use WordPress for e-commerce. Dr.

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked. Patchstack discusses the details in their advisory. Since last Friday, ...