The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that ...

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

A 2026 WordPress supply-chain attack allegedly turned 30+ sold plugins into a dormant backdoor operation that hid SEO spam from site owners, persisted beyond a forced update, and exposed deep ...

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk Your email has been sent A vulnerability in a widely used WordPress accessibility plugin could allow ...

The Internet Archive and Automattic have teamed up to tackle one of the web’s biggest annoyances: “link rot.” The two companies have released a new WordPress plugin called Link Fixer that ...

A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 (CVSS ...

Three critical-severity vulnerabilities in the GutenKit and Hunk Companion WordPress plugins have been exploited in a new campaign, Defiant warns. Mass exploitation of the security defects started on ...

A vulnerability advisory was issued for a WordPress plugin that saves contact form submissions. The flaw enables unauthenticated attackers to delete files, launch a denial of service attack, or ...

An advisory was issued about a critical vulnerability in the popular Tutor LMS Pro WordPress plugin. The vulnerability, rated 8.8 on a scale of 1 to 10, allows an authenticated attacker to extract ...

More than 10,000 WordPress sites have been left vulnerable to full site takeover due to three critical security flaws discovered in the HT Contact Form Widget for Elementor Page Builder & Gutenberg ...