A new security vulnerability in the Chaty Pro plugin has been identified, potentially allowing attackers to take over WordPress sites by uploading malicious files. Chaty Pro is a popular WordPress ...

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

We use a number of WordPress plugins on GeekWire. One of the most useful ones we’ve found is Advanced Custom Fields (ACF), which enables easy input and output of custom fields. We use custom fields ...

W3 Total Cache plugin flaw CVE-2025-9501 enables unauthenticated PHP command injection Affects all versions before 2.8.13; ~327,000+ sites remain at risk WPScan PoC exploit set for Nov 24, raising ...

WooCommerce published an advisory about an XSS vulnerability while Wordfence simultaneously advised about a critical vulnerability in a WooCommerce plugin named Dokan Pro. The advisory about Dokan Pro ...

Researchers from WPScan find flaw in Hunk Companion, a plugin with roughly 10,000 users The flaw allows crooks to install other plugins from the WP repository, including those with known RCE flaws ...

Security researchers issued an advisory on six unique XSS vulnerabilities discovered in the Elementor Website Builder and its Pro version that may allow attackers to inject malicious scripts.

WordPress users who have installed the WooCommerce Stripe Gateway Plugin are being urged to update to at least version 7.4.1 following the news of a major vulnerability potentially exposing users’ PII ...

Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly ...