WordPress News Articles

ACF Plugin Vulnerability Exposes 50,000 WordPress Sites to Hackers

Critical ACF plugin flaw exposes 50,000 WordPress sites to hackers gaining full admin access - discover how to protect your website now.

5 days ago

CVE-2025-14533: Critical WordPress Plugin Lapse Puts Over 100,000 Sites at Risk

A critical flaw in the ACF Extended WordPress plugin could give hackers full admin access to over 100,000 sites, prompting urgent patch warnings.

6 days ago

ACF plugin bug gives hackers admin on 50,000 WordPress sites

A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions.

6 days ago

WordPress Plugin Vulnerability Exposes 100,000+ Sites to Privilege Escalation Attacks

A critical flaw in the ACF Extended WordPress plugin lets unauthenticated attackers gain admin access on 100,000+ sites.

1 week ago

Three Patches, Zero Fix: WordPress Cache Plugin's Persistent RCE Nightmare

W3 Total Cache RCE flaw bypassed in versions 2.8.13-2.8.15, putting 1M+ WordPress sites at risk despite vendor patches.

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process.

PoC released for W3 Total Cache Vulnerability that Exposes 1+ Million Websites to RCE Attacks

A proof-of-concept exploit released for unauthenticated command-injection flaw, affecting W3 Total Cache, puts many websites at high risk.

PoC Released for W3 Total Cache RCE Vulnerability Exposing 1+ Million Websites

The vulnerability stems from an unauthenticated command injection flaw in W3 Total Cache's page-caching mechanism.

PoC Published for W3 Total Cache Flaw Exposing 1M+ Sites to RCE

A PoC exploit for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress's most popular caching plugins.

WordPress Plugin Flaw Exposes Millions to Cyber Threats

Urgent warning for WordPress users: a plugin flaw threatens millions with cyberattacks. Discover how to protect your site from this critical vulnerability now.

Critical vulnerability in the WordPress plugin W3 Total Cache. 430,000 sites at risk!

A critical vulnerability has been discovered in the WordPress plugin W3 Total Cache that allows the execution of arbitrary PHP commands. An urgent update is recommended.

Critical vulnerability in the WordPress plugin W3 Total Cache. 430,000 sites at risk!

A critical vulnerability has been discovered in the WordPress plugin W3 Total Cache that allows the execution of arbitrary PHP commands. An urgent update is recommended.

W3 Total Cache Plugin Exposes Critical PHP Injection Flaw

Critical security alert: W3 Total Cache WordPress plugin exposes PHP command injection vulnerability risking your site’s safety. Act now to protect your data.

New WordPress Vulnerability W3 Total Cache CVE-2025-9501 Alert

Discover the critical W3 Total Cache vulnerability CVE-2025-9501 affecting WordPress sites; learn how to protect your website before it’s too late.

W3 Total Cache WordPress plugin vulnerable to PHP command injection

A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.

W3 Total Cache WordPress plugin vulnerable to PHP command injection

A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. The vulnerability, tracked...

W3 Total Cache CVE-2025-9501 Is The Latest WordPress Flaw

Over 1M WordPress sites using W3 Total Cache are at risk from CVE-2025-9501. Update to 2.8.13 and monitor for malicious activity immediately.

Site Takeover Flaw Affects 400K WordPress Sites

Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and website.

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts

Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts.

Hackers exploit critical auth bypass flaw in JobMonster WordPress theme

Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions.

WordPress security plugin exposes private data to site subscribers

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.

Hackers launch mass attacks exploiting outdated WordPress plugins

A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE).

Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit

An Authentication Bypass (CVE-2025-5947) in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator.

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

Threat actors are exploiting a critical flaw, tracked as CVE-2025-5947, in the Service Finder WordPress theme’s Bookings plugin.