A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data ...

Ally was carrying an SQL injection flaw that allowed data exfiltration.

Page Builder by SiteOrigin WordPress plugin vulnerability enables attackers to execute arbitrary server files.

Up to 20 attackers or groups of attackers are defacing WordPress websites that haven’t yet applied a recent patch for a critical vulnerability. The vulnerability, located in the platform’s REST API, ...

WordPress releases an additional security release 6.9.4 to fix vulnerabilities previous update 6.9.2 failed to address ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

Attackers are actively exploiting a critical vulnerability in BackupBuddy, a WordPress plug-in that an estimated 140,000 websites are using to back up their installations. The vulnerability allows ...

A WordPress plug-in could potentially allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. This poses a potential risk to those who use WordPress for e-commerce. Dr.

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked. Patchstack discusses the details in their advisory. Since last Friday, ...