In its write-up, Patchstack said the flaw is already being exploited in the wild, and that first attacks were detected on ...

Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass ...

A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched ...

A vulnerability for the very popular AMP for WP WordPress plugin with a 100 thousand active installations allows any registered user to escalate their privileges to gain administrative access to the ...

Security researchers confirmed in-the-wild exploitations of the mx-severity flaw, allowing unauthenticated actors gain full ...

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website. Another day, another critical WordPress plugin vulnerability.

WordPress membership plugin vulnerability exposing sensitive Stripe payment data affects up to 10,000 websites.

A critical vulnerability in the Post SMTP Mailer plugin has exposed more than 400,000 WordPress websites to potential security breaches. The flaw, identified as an account takeover vulnerability, ...

A popular WordPress vulnerability has been found carrying a critical vulnerability which allowed hackers to attack websites, steal sensitive data, and even force them offline. The vulnerability, ...

A vulnerability in the AIOSEO plugin affecting up to 3 million installations adds to the six vulnerabilities found in 2025.