Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. On January 26, the WordPress team ...

Why? Because it will take WordPress into new directions entirely. WordPress has unveiled its latest iteration, version 4.4. It's called Clifford, after the jazz trumpeter Clifford Brown, and comes ...

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks. The recently patched WordPress REST API Endpoint vulnerability is ...

Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, ...

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing ...

Today it was disclosed that the popular WordPress contact form called Ninja Forms patched two vulnerabilities, affecting over 1 million WordPress installations. This represents another in a growing ...

WordPress, the wildly popular CMS that powers 25 percent of all of the planet’s websites, has received an update with a raft of new features, including the ability to share entire posts on other sites ...

A vulnerability in the AIOSEO plugin affecting up to 3 million installations adds to the six vulnerabilities found in 2025.