Another worrying WordPress plugin security flaw could put 250,000 websites at risk

Ally was carrying an SQL injection flaw that allowed data exfiltration.

Hackers exploiting WordPress membership plugin bug to create admin accounts

A popular WP plugin can be abused to take over websites and thousands of sites are vulnerable.
TechJuice

Critical WordPress Plugin Bug Can Now Hijack 60,000 Websites With Admin Access

Hackers exploit a critical WordPress plugin flaw that allows creation of administrator accounts without authentication.
Infosecurity-magazine.com

Critical WordPress Plugin Bugs Exploited En Masse

Threat actors are attempting to exploit three critical CVEs from 2024 impacting two popular WordPress plugins, according to Wordfence. The security vendor claimed that the bugs affect the GutenKit and ...
Dark Reading

WordPress Plug-in Used in 1M+ Websites Patched to Close Critical Bug

WordPress plug-ins allow organizations to quickly extend the functionality of their websites without requiring any coding or advanced technical skills. But they have also been the biggest source of ...
Bleeping Computer

WPForms bug allows Stripe refunds on millions of WordPress sites

A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. Tracked under ...

WordPress Security Release 6.9.4 Fixes Issues 6.9.2 Failed To Address

WordPress releases an additional security release 6.9.4 to fix vulnerabilities previous update 6.9.2 failed to address ...

WordPress membership plugin bug exploited to create admin accounts

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than ...