Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked.
A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched ...
Jetpack, a WordPress plug-in for boosting website security and speed has issued a critical update following a routine audit that turned up a security vulnerability in its API. Jetpack issued an ...
Security researchers confirmed in-the-wild exploitations of the mx-severity flaw, allowing unauthenticated actors gain full ...
An advisory was issued for a WordPress plugin vulnerability that can enable unauthenticated attackers to inject malicious ...
WordPress membership plugin vulnerability exposing sensitive Stripe payment data affects up to 10,000 websites.
WordPress plugin flaw let low-privileged users access sensitive server files and credentials CVE-2025-11705 affects plugin versions 4.23.81 and earlier; patch released October 15 About 50,000 sites ...
A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...
When users set up a brand new WordPress-powered website, they have long been greeted by a default, introductory post simply titled "Hello world!" But, now it's time for WordPress to say a farewell.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback