Threat Post

20K WordPress Sites Exposed by Insecure Plugin REST-API

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing ...

WordPress plugins with critical vulnerabilities, some already under attack

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked.
The Hacker News

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched ...

NotificationX WordPress WooCommerce Plugin Vulnerabilities Impact 40k Sites

An advisory was issued for a WordPress plugin vulnerability that can enable unauthenticated attackers to inject malicious ...

All In One SEO WordPress Vulnerability Affects Over 3 Million Sites

A vulnerability in the AIOSEO plugin affecting up to 3 million installations adds to the six vulnerabilities found in 2025.
CSO Online

Modular DS bug hands hackers instant WordPress admin access

Security researchers confirmed in-the-wild exploitations of the mx-severity flaw, allowing unauthenticated actors gain full ...