Home/Tag/Wordpress

Wordpress

5 articles tagged with "Wordpress"

Vulnerabilities3 min read

wpForo Forum Plugin Hit by Six Critical Vulnerabilities

WordPress plugin wpForo 2.4.14 contains unauthenticated SQL injection, PHP object injection, and multiple authorization bypass flaws. Over 80,000 sites at risk.

Marcus ChenMar 1, 2026

Vulnerabilities4 min read

CleanTalk WordPress Plugin Flaw Exposes 200K Sites to Takeover

Critical CVE-2026-1490 (CVSS 9.8) in CleanTalk anti-spam plugin allows unauthenticated attackers to install malicious plugins via DNS spoofing. Update to 6.72 now.

Marcus ChenFeb 19, 2026

Vulnerabilities3 min read

WordPress Service Finder Plugin Exploit Hits 13,800 Sites

Attackers exploiting CVE-2025-5947 in Service Finder Bookings plugin to hijack admin accounts through cookie manipulation. Over 6,000 sites potentially exposed.

Marcus ChenFeb 4, 2026

Vulnerabilities4 min read

WordPress Plugin Flaw Gives Attackers Admin Access Without Login

CVE-2026-23550 in Modular DS plugin scores CVSS 10.0. Active exploitation began January 13, with 40,000+ sites at risk.

Marcus ChenJan 28, 2026

Vulnerabilities4 min read

WordPress ACF Extended Bug Lets Anyone Become Admin

CVE-2025-14533 in the ACF Extended plugin allows unauthenticated attackers to register as administrators on 100,000 WordPress sites.

Marcus ChenJan 21, 2026