A major update to Yoast SEO fixes a bug that affected the rankings of certain websites. The founder of Yoast, Joost de Valk, personally offered an apology to victims ...

Thousands of WordPress sites running the Kali Forms plugin are exposed to attackers who can execute arbitrary code on web servers without ever logging in. The flaw, tracked as CVE-2026-3584, carries a ...

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.

Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs. Two vulnerabilities (one critical) in a WordPress ...

WordPress site owners who use commercial themes provided by ThemeGrill are advised to update one of the plugins that come installed with these themes to patch a critical bug that can let attackers ...

A high severity security flaw found in a WordPress plugin with more than 8,000 active installs can let authenticated attackers reset and wipe vulnerable websites. The plugin in question, known as ...

Threat actors are attempting to exploit three critical CVEs from 2024 impacting two popular WordPress plugins, according to Wordfence. The security vendor claimed that the bugs affect the GutenKit and ...

One flaw found in WordPress plugins Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor is actively being exploited. Security researchers are warning users of two WordPress plugins – ...

Yoast SEO rushed out an update to fix a bug in Yoast Premium that introduced a known fingerprint of AI-generated content. The bug was highlighted on social media, and ...

Hackers are attempting to take over tens of thousands of WordPress sites by exploiting critical vulnerabilities including a zero-day in multiple plugins that allow them to create rogue administrator ...