More than 30 WordPress plugins tied to the developer Essential Plugin were taken offline after a hidden backdoor was found in code distributed to live websites, exposing site owners to unauthorised ...

A popular brand of WordPress plugins was recently weaponized to download and spread malicious code. The new, potentially ...

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

WordPress plugin backdoor compromises 20,000+ sites through supply chain attack using blockchain evasion tactics and ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

A 2026 WordPress supply-chain attack allegedly turned 30+ sold plugins into a dormant backdoor operation that hid SEO spam from site owners, persisted beyond a forced update, and exposed deep ...

A critical security flaw in the Ninja Forms File Uploads add-on has put thousands of WordPress sites at risk, with researchers warning that attackers can exploit the bug without logging in and, in the ...

Backdoored Smart Slider 3 Pro v3.5.1.35 update distributed for 6 hours via compromised infrastructure, enabling RCE and data ...

The world's most popular CMS has been remade with the help of AI. Cloudflare has released EmDash version 0.1, described as a ...

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server.