Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs. Two high-severity vulnerabilities in Post Grid, a WordPress plugin ...

An advisory has been issued about a high-severity WordPress vulnerability that makes it possible for attackers to inject arbitrary shortcodes into sites using the WordPress Popular Posts plugin.

More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. Post SMTP is a popular email delivery ...

Older versions of Post SMTP allowed hackers to read all emails They could also reset the admin password and read the notification email, gaining access to the account More than 160,000 WordPress sites ...

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.

A popular WordPress vulnerability has been found carrying a critical vulnerability which allowed hackers to attack websites, steal sensitive data, and even force them offline. The vulnerability, ...

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The ...

A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. A popular WordPress SEO-optimization plugin, called All in One SEO, has a pair of ...