The Hacker News

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched ...
Searchenginejournal.com

Data Confirms A Surge In WordPress Vulnerabilities

WordPress security researchers at Patchstack published their annual State of WordPress Security whitepaper that showed an increase of high and critical severity vulnerabilities, highlighting the ...

WordPress plugins with critical vulnerabilities, some already under attack

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked.
Searchenginejournal.com

WordPress Core Vulnerabilities Hits Millions of Sites

WordPress announced it has patched four vulnerabilities that are rated as high as 8 on a scale of 1 to 10. The vulnerabilities are in the WordPress core itself and are due to flaws introduced by the ...
Ars Technica

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...
PC World

Recent WordPress vulnerability used to deface 1.5 million pages

Up to 20 attackers or groups of attackers are defacing WordPress websites that haven’t yet applied a recent patch for a critical vulnerability. The vulnerability, located in the platform’s REST API, ...
Digital Journal

Warning over new WordPress transactions vulnerability

A WordPress plug-in could potentially allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. This poses a potential risk to those who use WordPress for e-commerce. Dr.