Infosecurity-magazine.com

Simple Membership Plugin Flaws Expose WordPress Sites

Two new security flaws in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified, leading to potential privilege escalation issues. With over ...
Ars Technica

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...
Bleeping Computer

Over 6,000 WordPress sites hacked to install plugins pushing infostealers

WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. Over the past couple of years, information-stealing ...

New WordPress Initiative Will Secure Plugins And Themes

WordPress announced the Protect The Shire initiative to make all plugins and themes in its repositories and directories ...
Bleeping Computer

WordPress plugin suite hacked to push malware to thousands of sites

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. A malicious actor planted the backdoor ...