A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...

Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says ...

Hackers can read arbitrary files with this newly discovered flaw ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

A new threat in is the wild affecting sites that run WordPress, a popular content management system. Wordfence, a company that focuses on security research in the WordPress ecosystem, is reporting ...

W3 Total Cache (W3TC), a WordPress plugin with more than a million users, carries a critical-severity vulnerability that allows threat actors to fully take over compromised websites, experts have ...

A privilege escalation vulnerability has been identified in the Admin and Site Enhancements (ASE) plugin for WordPress, affecting both free and pro versions up to 7.6.2.1. The flaw allows users to ...

Tens of thousands of WordPress websites are vulnerable to full site takeover, thanks to a critical-severity vulnerability just discovered in a popular plugin. Security researchers at Defiant reported ...