A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched ...

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked.

Security researchers confirmed in-the-wild exploitations of the mx-severity flaw, allowing unauthenticated actors gain full ...

An advisory was issued for a WordPress plugin vulnerability that can enable unauthenticated attackers to inject malicious ...

Jetpack, a WordPress plug-in for boosting website security and speed has issued a critical update following a routine audit that turned up a security vulnerability in its API. Jetpack issued an ...

The OttoKit plugin was vulnerable to a critical flaw that allows the creation of new admin accounts It was patched in late April 2025, so users should update now Threat actors are looking for exposed ...

WordPress membership plugin vulnerability exposing sensitive Stripe payment data affects up to 10,000 websites.

A critical vulnerability in the WordPress plugin SureTriggers has exposed thousands of websites to remote attacks, allowing unauthenticated users to create administrative accounts. SureTriggers ...

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) ...

When users set up a brand new WordPress-powered website, they have long been greeted by a default, introductory post simply titled "Hello world!" But, now it's time for WordPress to say a farewell.