A popular WP plugin can be abused to take over websites and thousands of sites are vulnerable.

Security researchers have warned that over 10,000 websites powered by the WordPress content management system (CMS) are at risk of exploit due to a plugin containing a zero-day flaw. The WP Mobile ...

The Fancybox plugin for WordPress has been hit by a zero-day exploit that allows hackers to inject malicious code into websites, reports ZDNet. The plugin, which has been downloaded 600,000 times from ...

Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-severity vulnerability that allows complete takeover, researchers said. The vulnerability ...

Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution. The exploit acquisition platform is now enticing exploit ...

More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild. Active exploits for a recently disclosed bug in a popular WordPress plugin, Social ...

A rash of compromised WordPress websites is behind this week’s surge in Neutrino Exploit Kit traffic Unsurprisingly, a rash of compromised WordPress websites is behind this week’s surge in Neutrino ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. The flaw leveraged in the ...

WordPress and Joomla exploits have existed for years, and cybercriminals have thus been exploiting them for a long time. Yet the situation may have gotten slightly more serious as of late, as there ...

A vulnerability in WordPress 2.8.3 which allows anyone to lock an admin out of his or her account by resetting the password has been reported. “The bug … is trivial to exploit remotely using nothing ...

A piece of malware that masquerades as antivirus software has been found on 200,000 web pages over 30,000 sites, many of them using WordPress software. A piece of malware that masquerades as antivirus ...