Three popular plugins served malicious JavaScript through a compromised CDN.

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. A web developer discovered dozens of malicious ...

WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...

Security researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites which contains obfuscated code to load malware. These files are named ...

WP 5.5 deprecated support for jQuery Migrate may have caused at least 50,000 broken sites. An issue with how themes handle pagination is causing other sites to break after updating to 5.5. That’s a ...