Hackers can read arbitrary files with this newly discovered flaw ...

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server.

WordPress security plugin discovered to have two vulnerabilities that could allow a malicious upload, cross-site scripting and allow viewing of contents of arbitrary files. All-In-One Security (AIOS) ...

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

Ally WordPress plugin carried SQL injection flaw (CVE-2026-2413) Vulnerability left ~246,600 sites exposed to data theft Fixed in version 4.1.0; WordPress urges immediate updates A popular WordPress ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Shana Dacres-Lawrence explains the complex ...

WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch. Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, ...

All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them ...