Bleeping Computer

Zero-Day WordPress Plugin Vulnerability Used to Add Malicious Redirects

WordPress websites using unpatched Social Warfare installations (v3.5.1 and v3.5.2) are exposed to attacks abusing a stored Cross-Site Scripting (XSS) vulnerability fixed in the 3.5.3 version of the ...
CSOonline

Critical plugin flaw opens over a million WordPress sites to RCE attacks

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.
TechRadar

Another top WordPress plugin hacked to allow account takeover - stay safe with these tips

Experts find a way to trick Forminator into deleting a core WordPress file This process would trigger the site's setup, where hackers can take it over A patch is available, and users are advised to ...