Security News

Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22.

A spam injector hides in plain site within WordPress theme files.

The commercial Total Donations plugin for WordPress is impacted by multiple zero-day vulnerabilities that are being actively exploited in attacks, Wordfence security researchers report.  read more

The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.

The website for a popular WordPress plugin was hacked over the weekend, when a former employee abused a previously implemented backdoor to take over the domain. read more

In an effort to improve the security of websites, WordPress will display a warning starting in April 2019 when encountering outdated PHP versions. In December last year, the free and open-source...

Despite fewer plugins being added to Wordpress last year, the CMS saw an astounding tripling of vulnerabilities in its platform in 2018.

WordPress vulnerabilities tripled over the past year, more than any other CMS, according to an Imperva report.

The malware does its best to obfuscate SEO injection in WordPress and evade notice from web admins.

Privilege escalation vulnerabilities in WordPress allow attackers to access features that were intended for administrators only, RIPS Tech security researchers say.  read more