Security News

Vulnerabilities found by a researcher in a popular WordPress plugin can be exploited by malicious actors to gain access to sensitive data and take control of affected websites. read more

If you’re running your website on WordPress and you haven’t yet upgraded to version 4.8.3, you should do so without delay. The advice comes from the WordPress Foundation and Anthony Ferrara, VP of...

A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL-injection attack.

A serious SQL injection vulnerability was patched on Tuesday by WordPress developers with the release of version 4.8.3. read more

Zero-day flaws affecting several WordPress plugins have been exploited by malicious actors to plant backdoors and take control of vulnerable websites. The attacks have been spotted by Wordfence, a...

A fake WordPress plugin containing a backdoor attempts to trick users into believing it is a version of a popular plugin that has over 100,000 installs. read more

WordPress 4.8.2 patches nine vulnerabilities affecting version 4.8.1 and earlier, including cross-site scripting (XSS), SQL injection, path traversal and open redirect flaws. read more

A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites.

Around 200,000 WordPress websites were impacted after a plugin they were using was updated to include malicious code, Wordfence reports. read more

Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin.