WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

WPvivid Backup & Migration plugin allows for arbitrary file upload which can lead to remote code execution.

Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says ...

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. According to Wordfence researchers, the malware ...

Patchstack's WordPress vulnerability report shows site are getting hacked within hours of vulnerability disclosure ...

W3 Total Cache (W3TC), a WordPress plugin with more than a million users, carries a critical-severity vulnerability that allows threat actors to fully take over compromised websites, experts have ...

A dangerous malware variant disguised as a legitimate WordPress plugin has been uncovered by security researchers. The malware, named “WP-antymalwary-bot.php,” gives attackers persistent access to ...

There’s another ransomware story this week, but this one comes with a special twist. If you’ve followed this column for long, you’re aware that ransomware has evolved beyond just encrypting files.

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...