Bleeping Computer

Zero-Day WordPress Plugin Vulnerability Used to Add Malicious Redirects

WordPress websites using unpatched Social Warfare installations (v3.5.1 and v3.5.2) are exposed to attacks abusing a stored Cross-Site Scripting (XSS) vulnerability fixed in the 3.5.3 version of the ...
CSOonline

Critical plugin flaw opens over a million WordPress sites to RCE attacks

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.
Searchenginejournal.com

WordPress Security Plugin Vulnerability Affects +1 Million Sites

WordPress security plugin discovered to have two vulnerabilities that could allow a malicious upload, cross-site scripting and allow viewing of contents of arbitrary files. All-In-One Security (AIOS) ...
TechRadar

Another top WordPress plugin hacked to allow account takeover - stay safe with these tips

Experts find a way to trick Forminator into deleting a core WordPress file This process would trigger the site's setup, where hackers can take it over A patch is available, and users are advised to ...