Searchenginejournal.com

WordPress Contact Form 7 Redirection Plugin Vulnerability Hits 300k Sites

A vulnerability advisory was issued for a WordPress Contact Form 7 add-on plugin that enables unauthenticated attackers to “easily” launch a remote code execution. The vulnerability is rated high (8.8 ...
Bleeping Computer

Backdoor Found in WordPress Plugin With More Than 300,000 Installations

A WordPress plugin installed on over 300,000 sites was recently modified to download and install a hidden backdoor. The WordPress team has intervened and removed this plugin from the official ...
Searchenginejournal.com

Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs

Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit ...
Bleeping Computer

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term ...
Infosecurity-magazine.com

Vulnerability Exposed in WordPress Plugin User Submitted Posts

A new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below) has been discovered by the Patchstack team. With over 20,000 active installations, this popular plugin is ...
TechRadar

Best WordPress plugin of 2025

We list the best WordPress plugins, to make it simple and easy to add targeted features that increase the performance and interactivity of your WordPress website. The way we use the web has changed ...
Threat Post

Anti-Spam WordPress Plugin Could Expose Website User Data

‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in. An SQL-injection vulnerability ...