SecurityWeek

Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover

Many websites exposed to account takeover due to a critical vulnerability in the email delivery WordPress plugin Post SMTP.
Ars Technica

WordPress plugin installed on 1 million+ sites logged plaintext passwords

All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them ...

Hackers exploit critical auth bypass flaw in JobMonster WordPress theme

Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator ...

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts

Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 ...
Searchenginejournal.com

WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin

Vulnerability discovered in WordPress plugin is the second one found so far this year Cross-Site Request Forgery (CSRF) Vulnerability could allow deletion of files More than 1 Million active ...
TechRadar

A popular WordPress theme has a worrying security flaw which could allow full site takeover - here's what we know

CVE-2025-5947 allows unauthenticated admin access in Service Finder WordPress theme versions ≤ 6.0 Over 13,800 exploit attempts observed since August; attackers actively target vulnerable sites ...
Ars Technica

WordPress plugin installed on 1 million+ sites logged plaintext passwords

Ive said it before, but its no less relevant now. Wordpress is not the problem. Its not even the plugins. Its the need for businesses to pack in every bit of functionality so they can condense, and ...