The Hacker News

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched ...

WordPress plugins with critical vulnerabilities, some already under attack

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked.

NotificationX WordPress WooCommerce Plugin Vulnerabilities Impact 40k Sites

An advisory was issued for a WordPress plugin vulnerability that can enable unauthenticated attackers to inject malicious ...
CSO Online

Modular DS bug hands hackers instant WordPress admin access

Security researchers confirmed in-the-wild exploitations of the mx-severity flaw, allowing unauthenticated actors gain full ...
TechRadar

OttoKit WordPress plugin has a serious security flaw, thousands of users possibly affected

The OttoKit plugin was vulnerable to a critical flaw that allows the creation of new admin accounts It was patched in late April 2025, so users should update now Threat actors are looking for exposed ...
Dark Reading

Jetpack WordPress Plug-in API Bug Triggers Mass Updates

Jetpack, a WordPress plug-in for boosting website security and speed has issued a critical update following a routine audit that turned up a security vulnerability in its API. Jetpack issued an ...

WordPress Membership Plugin Flaw Exposes Sensitive Stripe Data

WordPress membership plugin vulnerability exposing sensitive Stripe payment data affects up to 10,000 websites.
Infosecurity-magazine.com

Major WordPress Plugin Flaw Exploited in Under 4 Hours

A critical vulnerability in the WordPress plugin SureTriggers has exposed thousands of websites to remote attacks, allowing unauthenticated users to create administrative accounts. SureTriggers ...