ZDNet

WordPress plugin vulnerabilities affect 20 million downloads

A new vulnerability in WordPress plugin WPTouch highlights a series of recent discoveries that critically affect active plugins downloaded and used by millions of WordPress bloggers. If you're a ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...
Ars Technica

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...
Bleeping Computer

600K WordPress sites impacted by critical plugin RCE vulnerability

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. The ...
TechRadar

WordPress websites under attack — expert report says dozens of plugins hijacked to target thousands of sites

Malicious actor bought 31 WordPress plugins from Essential Plugin Updates injected backdoors, granting full site access Spam campaigns hidden from owners, C2 resolved via Ethereum smart contract A ...
Bleeping Computer

Fake WordPress security advisory pushes backdoor plugin

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The campaign has been ...