Threat actors are attempting to exploit three critical CVEs from 2024 impacting two popular WordPress plugins, according to Wordfence. The security vendor claimed that the bugs affect the GutenKit and ...

Wordpress plugins are the bane of my existence. Most "designers/developers" try to fill all the business needs with a plugin and wonder why its so hard to manage. While this specific plugin is an ...

WordPress plug-ins allow organizations to quickly extend the functionality of their websites without requiring any coding or advanced technical skills. But they have also been the biggest source of ...

Attackers are targeting WordPress users with a fake security alert that warns of a fabricated remote code execution (RCE) flaw; it offers a "patch" that in actuality spreads malicious code that can ...

A flaw in two WordPress custom plug-ins leaves users vulnerable to cross-site scripting attacks (XSS), according to a recent report. The flaw, called CVE-2023-30777 was discovered on May 2 and was ...

WordPress released a maintenance release on Wednesday evening to fix problems discovered shortly after WordPress 6.4 was released to the public on Tuesday November 7th. Two of issues were somewhat ...

Security researchers have recorded over one million attempts to compromise a popular WordPress plugin over the past few days. Wordfence said the attacks began on July 14 and continued over the weekend ...

A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. Tracked under ...

Tens of thousands of WordPress websites are vulnerable to full site takeover, thanks to a critical-severity vulnerability just discovered in a popular plugin. Security researchers at Defiant reported ...

What derailed the 6.5 release is a new Font Library feature for managing fonts that also makes using Google Fonts GDPR compliant. The GDPR compliance part is a nice feature that allows a publisher to ...

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.

One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain ...