Security News

A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.

If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication tokens for your admin account might have...

Devs strip code from toolkit amid blogger dramarama A British web-dev outfit has denied allegations it deliberately hid code inside its WordPress plugins that, among other things, spammed a...

Two hacking groups have been spotted targeting websites running unpatched versions of the WordPress plugin Easy WP SMTP.

The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.

Researchers have offered more detail on a recently patched vulnerability that would allow an attacker to take over a WordPress site.

Not on 5.1.1? You should be A newly revealed vuln in the open-source CMS WordPress allows an unauthenticated website attacker to remotely execute code – potentially letting naughty folk delete or...

WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites.  read more

If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take...

Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce.