A hacker group is exploiting vulnerabilities in more than ten WordPress plugins to create rogue admin accounts on WordPress sites across the internet. The attacks are an escalation part of a hacking ...

A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially ...

Hackers are exploiting a zero-day vulnerability in a WordPress plugin made by ThemeREX, a company that sells commercial WordPress themes. The attacks, detected by Wordfence, a company that provides a ...

Hackers are using a critical vulnerability in the WP Automatic, a plugin used by more than 30,000 websites in WordPress. The vulnerability is being exploited to create user accounts with ...

Thousands of WordPress sites could be at risk as a vulnerability in the Ultimate Member plugin gets exploited, but a quick fix will stop your site from being taken over. The plugin, which has amassed ...

A critical vulnerability recently discovered in a popular WordPress plugin, is being actively abused in the wild, researchers have said, with hackers potentially able to use the flaw to fully take ...

The OttoKit plugin was vulnerable to a critical flaw that allows the creation of new admin accounts It was patched in late April 2025, so users should update now Threat actors are looking for exposed ...

The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution. A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File ...