For now, sites using the plugin should disable their database cache or create a .htaccess file in wp-content/w3tc.

The vulnerability, tracked as CVE-2023-6933, was discovered by WordPress security experts Wordfence, and subsequently fixed by the plugin’s vendor, WP Engine.

WordPress plugin vulnerability can be exploited for total website takeover The “easily exploitable” bug in WP Database Reset has serious consequences for webmasters.

A widely used add-on plugin for a popular WordPress site builder installed an anti-piracy script that essentially unpublishes all posts. WordPress developers are livid, with some calling the ...

Why it matters: WordPress plugin developer, iThemes, alerted users to a vulnerability related to their BackupBuddy extension earlier this week. The security hole leaves plugin users susceptible to ...

A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript.

WordPress plugin installed on 1 million+ sites logged plaintext passwords AIOS bills itself as an "all-in-one" security solution. A just-fixed bug undermined that.

In an attempt to protect its intellectual property from piracy, a WordPress plugin developer implemented a rather controversial solution to one of its products. As a result, the community is up in ...