The United States government National Vulnerability Database (NVD) published an advisory about Shortcodes Ultimate WordPress plugin, warning that it was discovered to contain a Cross Site Request ...

WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes. WordPress core engine security ...

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...

Over the past decade, WordPress has proven itself to be a powerful blogging platform and content managing system. In fact, that’s why the NFL, CNN, TechCrunch, and TED publish content on WordPress. It ...

The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. LearnPress is a learning management ...