Hackers can now take over WordPress sites instantly using a simple plugin flaw ...

A tainted version was pushed as an update to more than 800,000 active websites.

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says ...

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

More than 30 popular WordPress plugins were removed after investigators found backdoors inserted by a new owner following a business sale. The malicious code remained dormant for months before being ...

WordPress security plugin discovered to have two vulnerabilities that could allow a malicious upload, cross-site scripting and allow viewing of contents of arbitrary files. All-In-One Security (AIOS) ...

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Shana Dacres-Lawrence explains the complex ...

Application security testing firm Checkmarx Ltd. today announced the CheckAI GPT Plugin, a plugin designed to detect and prevent potential attacks against ChatGPT-generated code. The CheckAI GPT ...