Ars Technica

Hackers exploit WordPress plugin flaw that gives full control of millions of sites

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The ...
TechRadar

Watch out — hackers can exploit this plugin to gain full control of your WordPress site

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. An older version of LiteSpeed Cache, a popular plugin for the WordPress website builder, is ...
The Verge

WordPress.org’s latest move involves taking control of a WP Engine plugin

WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” resulting from WP Engine’s legal moves. WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” ...
Bleeping Computer

Over 150k WordPress sites at takeover risk via vulnerable plugin

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. Last month, ...
Bleeping Computer

Critical Wordpress plugin bug lets hackers take over hosting account

Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting ...
Searchenginejournal.com

WordPress AMP Plugin Vulnerability Affects Up To 100,000+ Sites

A cross-site scripting (XSS) is one of the most frequent kind of vulnerability. In the context of WordPress plugins, XSS vulnerabilities happen when a plugin has a way to input data that isn’t ...
TechRadar

WordPress plugin with over a million installs may have a worrying security flaw - here's ...

W3 Total Cache plugin flaw CVE-2025-9501 enables unauthenticated PHP command injection Affects all versions before 2.8.13; ~327,000+ sites remain at risk WPScan PoC exploit set for Nov 24, raising ...