A WordPress plugin to manage FAQ items as a custom post type (CPT) and inject FAQ JSON-LD into posts/pages. Designed for performance and scalability with advanced cache management, background queueing ...

W3 Total Cache plugin flaw CVE-2025-9501 enables unauthenticated PHP command injection Affects all versions before 2.8.13; ~327,000+ sites remain at risk WPScan PoC exploit set for Nov 24, raising ...

WordPress plugin flaw let low-privileged users access sensitive server files and credentials CVE-2025-11705 affects plugin versions 4.23.81 and earlier; patch released October 15 About 50,000 sites ...

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially ...

Two Gravity Forms WordPress plugin versions available on the official download page were injected with malware in a supply chain attack. Two trojanized versions of the Gravity Forms WordPress plugin ...

A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. A vulnerability in the Forminator WordPress plugin could allow attackers ...

The WordPress Performance Team has released an experimental plugin that increases the perceived loading speed of web pages without the performance issues and accessibility tradeoffs associated with ...

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is ...

A dangerous malware variant disguised as a legitimate WordPress plugin has been uncovered by security researchers. The malware, named “WP-antymalwary-bot.php,” gives attackers persistent access to ...

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an ...

WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” resulting from WP Engine’s legal moves. WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” ...