Vulnerabilities
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.
Hi, what are you looking for?
SecurityWeek
All posts tagged "WordPress"
Incident Response
The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin.
Vulnerabilities
Attackers are exploiting a recent remote code execution flaw in the Bricks Builder WordPress plugin to deploy malware.
Vulnerabilities
Critical remote code execution flaws in Backup Migration and Elementor plugins expose WordPress sites to attacks.
Vulnerabilities
WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code.
Malware & Threats
A backdoor deployed on a compromised WordPress website poses as a legitimate plugin to hide its presence.
Malware & Threats
Recently patched TagDiv Composer plugin vulnerability exploited to hack thousands of WordPress sites as part of the Balada Injector campaign.
Vulnerabilities
A vulnerability in the All-in-One WP Migration plugin’s extensions exposes WordPress websites to attacks leading to sensitive information disclosure.
Application Security
Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations.
Vulnerabilities
PoC exploit targeting an XSS vulnerability in the Advanced Custom Fields WordPress plugin started being used in malicious attacks two days after patch.
Vulnerabilities
A vulnerability in a WordPress plugin exposed the official website of sports car maker Ferrari to hacker attacks.
Vulnerabilities
A critical vulnerability in the Houzez premium WordPress theme and plugin has been exploited in the wild.
Threat Intelligence
Enterprises running SharePoint servers should not wait for a fix for CVE-2025-53770 and should commence threat hunting to search for compromise immediately.
Fraud & Identity Theft
Malware & Threats
Vulnerabilities
Nation-State
Management & Strategy
Noteworthy stories that might have slipped under the radar: powerful US law firm hacked by China, Symantec product flaw, $10,000 Meta AI hack, cryptocurrency...
Fraud & Identity Theft