More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the ...

A malicious actor found a struggling WordPress plugin company, bought it, and introduced malware to each product.

WordPress plugin backdoor compromises 20,000+ sites through supply chain attack using blockchain evasion tactics and ...

A tainted version was pushed as an update to more than 800,000 active websites.

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...

It's an interesting paradox. WordPress powers 35 percent of all websites on the Internet, in part because it's so flexible and modular. It has a robust library of more than 50,000 plugins, each adding ...

The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin. While robust passwords help you secure ...