Users of the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefully) final patch.
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.
An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials.
Severe CSRF-to-XSS bugs open the door to code execution and complete website compromise.
The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges.
Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.
An analysis found these web frameworks to be the most targeted by cybercriminals in 2019.
The high-severity flaw allows malicious code injection into website pop-up windows.
Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers.