Bleeping Computer

Security plugin flaw in millions of WordPress sites gives admin access

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...
TechRepublic

5 WordPress plugins to bolster security

WordPress is one of the most widely-used Content Management Systems on the planet. With over 43% of websites using the platform, it’s no surprise that it has a target on its back. That not only means ...
Engadget

Millions of WordPress sites receive forced patch for critical plugin flaw

Millions of WordPress sites have received a forced patch over the past few days, Ars Technica has reported. The reason is a vulnerability in UpdraftPlus, a popular plugin that allows users to create ...

WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

A critical WordPress plugin flaw allows threat actors to run arbitrary PHP commands, potentially taking over entire websites.
ZDNet

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

Hackers are exploiting a zero-day vulnerability in a WordPress plugin made by ThemeREX, a company that sells commercial WordPress themes. The attacks, detected by Wordfence, a company that provides a ...
ZDNet

Many CMS plugins are disabling TLS certificate validation... and that's very bad

An absurd number of CMS plugins and PHP libraries are disabling SSL/TLS certificate validation on purpose, and by doing so, they're putting millions of internet users at great risk. To make matters ...