Critical bug in ACF: Extended WordPress plugin allows arbitrary role escalation to administrator About 50,000 WordPress sites are vulnerable despite patch in version 0.9.2.2 No exploitation reported ...

W3 Total Cache (W3TC), a WordPress plugin with more than a million users, carries a critical-severity vulnerability that allows threat actors to fully take over compromised websites, experts have ...

WordPress being Event driven system, it is difficult to follow MVC Design Pattern while creating a WordPress Plugin. This project aims to help plugin developers achieve MVC pattern in their coding. If ...

Two Gravity Forms WordPress plugin versions available on the official download page were injected with malware in a supply chain attack. Two trojanized versions of the Gravity Forms WordPress plugin ...

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is ...

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked ...

WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...

Vulnerabilities in three WordPress plugins are being exploited to inject malicious scripts and backdoors into websites, according to a warning from Fastly. The flaws can be exploited to execute ...