The latest WordPress security news and insights

Featured articles

XSS Vulnerability Patched in Slider Revolution Plugin

28 May, 2024

Unauthenticated XSS Vulnerability Patched in Slider Revolution Plugin

                xss            

                Slider Revolution            

                Audit            

Critical Vulnerability Patched in UserPro Plugin

22 May, 2024

Critical Vulnerability Patched in UserPro Plugin

                Critical Vulnerability            

                privilege escalation            

                account takeover            

                UserPro

Exploring the Unknown: Beneath the Surface of the Unpatched WordPress SSRF - Patchstack analysis

17 May, 2024

Exploring the Unknown: Beneath the Surface of Unpatched WordPress SSRF

                WordPress core            

                ssrf            

patchstack - how to limit login attempts on wordpress - 5 methods

28 September, 2023

How To Limit Login Attempts on WordPress (+ Should You?)

WordPress security

Two Path to Privilege Escalation Bugs Found In the Simple Membership Plugin

27 September, 2023

Two Paths to Privilege Escalation Vulnerability In The Simple Membership Plugin

                privilege escalation            

                simple membership            

Authenticated Privilege Escalation in Essential Addons for Elementor Plugin

15 September, 2023

Authenticated Privilege Escalation Vulnerability in Essential Addons for Elementor

                Essential Addons for Elementor            

                privilege escalation            

WordPress.org is an open source cms, but WordPress.com is a paid hosting platform

14 September, 2023

Patchstack Is FREE On the Official WordPress Repository

patchstack

6 September, 2023

Unauthenticated PHP Object Injection in Flatsome Theme <= 3.17.5

                flatsome            

                php object injection            

31 August, 2023

Critical Arbitrary File Upload Patched in Forminator Plugin

                Critical Vulnerability            

                arbitrary file upload            

                forminator            

30 August, 2023

Pre-Auth Access Token Manipulation in All-in-One WP Migration Extensions

                access token            

                all-in-one wp migration            

Patchstack - wordpress zombie plugin pandemic affecting 1.6 million websites

25 August, 2023

The WordPress "Zombie" Plugins Pandemic Affects 1.6M+ Websites

WordPress plugins

jupiter x core vulnerability patched - patchstack social - rafie mohammad

24 August, 2023

Critical Vulnerabilities Patched in Jupiter X Core Plugin

                Critical Vulnerability            

                arbitrary file upload            

                account takeover            

                Jupiter X

10 August, 2023

Multiple High and Critical Vulnerabilities in Avada Theme and Plugin

3 August, 2023

Authenticated RCE in JetElements For Elementor Plugin

                Critical Vulnerability            

                Elementor            

                rce            

                jetelements

27 July, 2023

Multiple High Severity Vulnerabilities in Ninja Forms Plugin

                ninja forms            

                xss            

                broken access control            

« Previous 1 … 12 13 14 15 16 … 33 Next »

The latest WordPress security news and insights

Featured articles

Unauthenticated XSS Vulnerability Patched in Slider Revolution Plugin

Critical Vulnerability Patched in UserPro Plugin

Exploring the Unknown: Beneath the Surface of Unpatched WordPress SSRF

Monthly security advice

How To Limit Login Attempts on WordPress (+ Should You?)

Two Paths to Privilege Escalation Vulnerability In The Simple Membership Plugin

Authenticated Privilege Escalation Vulnerability in Essential Addons for Elementor

Patchstack Is FREE On the Official WordPress Repository

Unauthenticated PHP Object Injection in Flatsome Theme <= 3.17.5

Critical Arbitrary File Upload Patched in Forminator Plugin

Pre-Auth Access Token Manipulation in All-in-One WP Migration Extensions

The WordPress "Zombie" Plugins Pandemic Affects 1.6M+ Websites

Critical Vulnerabilities Patched in Jupiter X Core Plugin

Multiple High and Critical Vulnerabilities in Avada Theme and Plugin

Authenticated RCE in JetElements For Elementor Plugin

Multiple High Severity Vulnerabilities in Ninja Forms Plugin

Website security

For plugin devs

For researchers

Resources

Patchstack

Socials

Website security

For plugin devs

For researchers

Resources

Patchstack

Socials