WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

A critical WordPress plugin flaw allows threat actors to run arbitrary PHP commands, potentially taking over entire websites.
Searchenginejournal.com

WordPress SEOPress Plugin Vulnerability

Wordfence, a WordPress security software company, published details about a vulnerability in popular WordPress SEO software SEOPress. Before making the announcement, WordFence communicated the details ...
Searchenginejournal.com

WordPress AI Engine Plugin Vulnerability Affects Up To 100,000 Websites

A security advisory was issued for the AI Engine WordPress plugin, installed on over 100,000 websites, the fourth one this month. Rated 8.8, this vulnerability enables attackers with only ...

W3 Total Cache WordPress plugin vulnerable to PHP command injection

WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.