Bleeping Computer

Security plugin flaw in millions of WordPress sites gives admin access

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...
TechRadar

WordPress plugin auth bypass exploited almost immediately after disclosure

Almost immediately after being disclosed to the public, a vulnerability in a WordPress plugin was used in an attack, security researchers have warned. Wordfence revealed an authentication bypass in ...
Bleeping Computer

WordPress.org to require 2FA for plugin developers by October

Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on ...