Threat Post

20K WordPress Sites Exposed by Insecure Plugin REST-API

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing ...
Tech Times

WordPress 7.0 Ships AI Agent Infrastructure: API Key Theft Risk Surfaces on Launch Day

WordPress 7.0 “Armstrong,” released May 20, 2026, arrived without the real-time collaborative editing feature that had been ...

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain ...
Bleeping Computer

Hackers launch mass attacks exploiting outdated WordPress plugins

A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code ...