WordPress plugins with critical vulnerabilities, some already under attack

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked.
The Hacker News

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched ...
Dark Reading

Jetpack WordPress Plug-in API Bug Triggers Mass Updates

Jetpack, a WordPress plug-in for boosting website security and speed has issued a critical update following a routine audit that turned up a security vulnerability in its API. Jetpack issued an ...

NotificationX WordPress WooCommerce Plugin Vulnerabilities Impact 40k Sites

An advisory was issued for a WordPress plugin vulnerability that can enable unauthenticated attackers to inject malicious ...
VentureBeat

Medium opens up publishing API, adds WordPress plugin, and adds new content partners

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More SAN FRANCISCO — Publishing site Medium has unveiled a slew of updates ...
Bleeping Computer

WordPress REST API Flaw Used to Install Backdoors

Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. On January 26, the WordPress team ...
Bleeping Computer

Security plugin flaw in millions of WordPress sites gives admin access

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...
Searchenginejournal.com

18 WordPress Plugins That Will Speed Up Your Site

You put so much work into making your WordPress website, it’d be a shame if one little thing could be its entire undoing. If your website takes longer to load than it took you to read this paragraph, ...