WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...

WordPress powers about 43% of all websites worldwide. This makes it an indispensable platform for organizations of all sizes. Unfortunately, that popularity also makes WordPress a prime target for ...

WordPress released a security update to fix sixteen vulnerabilities, recommending that sites be updated immediately. The security notice did not offer a description of the severity of the ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

King Addons plugin had two critical flaws enabling full WordPress site takeover Bugs allowed unauthenticated file uploads and privilege escalation via registration endpoint Users must update to ...

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The campaign has been ...

If you are a WordPress site admin, be wary of incoming emails - one could be a phishing message looking to infect your site with malicious plugins. This is the warning given out by WordPress security ...

Even though in the past, many consultants (including myself) used to recommend Jetpack for WordPress, there is a very ...

A critical flaw in the Motors WordPress theme affecting more than 20,000 installations allows low-privileged users to gain ...

A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO." The attacker was obviously trying to ...