A new vulnerability in WordPress plugin WPTouch highlights a series of recent discoveries that critically affect active plugins downloaded and used by millions of WordPress bloggers. If you're a ...

If you’ve logged into your WordPress dashboard and seen the warning that your site is running on PHP 7.4.33, you’re not alone. This outdated version no longer receives security updates, which makes ...

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. In total, threat actors compromised 40 themes and 53 ...

More than 10,000 WordPress sites have been left vulnerable to full site takeover due to three critical security flaws discovered in the HT Contact Form Widget for Elementor Page Builder & Gutenberg ...

A dangerous malware variant disguised as a legitimate WordPress plugin has been uncovered by security researchers. The malware, named “WP-antymalwary-bot.php,” gives attackers persistent access to ...

WordPress announced the release of a plugin called the Performance Lab plugin. It was developed by the WordPress performance team that is designed to help WordPress sites speed up. The plugin gives ...

Websites that run WordPress and MailPoet, a plugin with more than 1.7 million downloads, are susceptible to hacks that give attackers almost complete control, researchers have warned. "If you have ...