Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read…
Browsing: Plugin
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into…
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites.…
Liquid Web inadvertently started a cascading series of controversies after it folded a group of well-known WordPress plugin brands into…
Ravie LakshmananMay 11, 2026Supply Chain Attack / DevSecOps Checkmarx has confirmed that a modified version of the Jenkins AST plugin…
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows…
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on…
Ravie LakshmananApr 16, 2026Application Security / Threat Intelligence A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform…
Consent prompt appears even in projects without Vercel configurationPlugin delivers consent requests through system-level instruction injectionBash commands are captured fully,…
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which…