WPvivid Backup & Migration plugin vulnerable to critical RCE flaw CVE-2026-1357 Exploitation requires “receive backup from another site” option enabled, with 24 ...

The Internet Archive and Automattic have teamed up to tackle one of the web’s biggest annoyances: “link rot.” The two companies have released a new WordPress plugin called Link Fixer that ...

Jennifer Simonson is a business journalist with a decade of experience covering entrepreneurship and small business. Drawing on her background as a founder of multiple startups, she writes for Forbes ...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...

Two Gravity Forms WordPress plugin versions available on the official download page were injected with malware in a supply chain attack. Two trojanized versions of the Gravity Forms WordPress plugin ...

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is ...

A critical vulnerability in the WordPress plugin SureTriggers has exposed thousands of websites to remote attacks, allowing unauthenticated users to create administrative accounts. SureTriggers ...

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security ...

A critical vulnerability in the Jupiter X Core WordPress plugin, used on over 90,000 websites, has been identified by security researchers. The flaw, discovered on January 6, allows attackers with ...