Bleeping Computer

Backdoor Found in WordPress Plugin With More Than 200,000 Installations

For the past two and a half months, a WordPress plugin named Display Widgets has been used to install a backdoor on WordPress sites across the Internet. The backdoor code was found between Display ...
The Hacker News

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a ...
HotHardware

Alarming WordPress Plugin Security Flaw Leaves 2M Sites Vulnerable To Attack

A WordPress plugin with over 2 million active installations left its users open to an alarming security flaw. The popular Advanced Custom Fields (ACF) plugin by WP Engine allows WordPress admins to ...