Cloudflare created an open-source CMS it calls a "spiritual successor to WordPress" — but WordPress is having none of it.

A critical vulnerability was discovered in a popular WordPress security plugin with over 4 million installations. The flaw allows attackers to log in as any user, including administrators, and gain ...

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server.

Hackers can read arbitrary files with this newly discovered flaw ...

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

A new threat in is the wild affecting sites that run WordPress, a popular content management system. Wordfence, a company that focuses on security research in the WordPress ecosystem, is reporting ...

A privilege escalation vulnerability has been identified in the Admin and Site Enhancements (ASE) plugin for WordPress, affecting both free and pro versions up to 7.6.2.1. The flaw allows users to ...

Ally WordPress plugin carried SQL injection flaw (CVE-2026-2413) Vulnerability left ~246,600 sites exposed to data theft Fixed in version 4.1.0; WordPress urges immediate updates A popular WordPress ...

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk Your email has been sent A vulnerability in a widely used WordPress accessibility plugin could allow ...