An advisory was issued for three WordPress file management plugins that are affected by a vulnerability that allows unauthenticated attackers delete arbitrary files. The three plugins are installed in ...

Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover.

jQuery File Upload Plugin 6.4.4 contains an unrestricted file upload caused by lack of validation in server/php/UploadHandler.php, letting remote attackers execute arbitrary PHP code by uploading PHP ...

The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. The security issue is tracked as CVE-2025-6463 and ...

Yoast SEO has added support for llms.txt for both free and premium users, enabling them to future-proof their sites for AI Search. llms.txt is a proposal for a new standard that will enable large ...

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload ...

Over the past day or so, free Gemini app users have lost the ability to upload files when using Gemini 2.5 Flash (preview). Update: This issue was resolved by the end of Saturday. On Android and iOS, ...

A new security vulnerability in the Chaty Pro plugin has been identified, potentially allowing attackers to take over WordPress sites by uploading malicious files. Chaty Pro is a popular WordPress ...

After introducing for paid Advanced subscribers last year, free Gemini users are starting to get the ability to upload and analyze files. Once rolled out, you’ll see an “Upload files to get quick ...