Three popular plugins served malicious JavaScript through a compromised CDN.

Security researcher at Automattic discovered a vulnerability affecting popular WordPress backup plugin, UpdraftPlus. The vulnerability allowed hackers to download user names and hashed passwords.

Updates have been released for UpdraftPlus, a WordPress plugin with over 3 million installations, after a vulnerability was discovered by Jetpack security researcher Marc Montpas. Montpas said the ...

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

WordPress has taken the rare step of force-updating the UpdraftPlus plugin on all sites to fix a high-severity vulnerability allowing website subscribers to download the latest database backups, which ...

Millions of WordPress sites have received a forced patch over the past few days, Ars Technica has reported. The reason is a vulnerability in UpdraftPlus, a popular plugin that allows users to create ...

Attackers can bypass WordPress authentication, run commands as an administrator, and then install malicious plugins on ...

An oversight in a WordPress plug-in exposes PII and authentication data to malicious insiders. The WordPress plug-in “UpdraftPlus” was patched on Wednesday to correct a vulnerability that left ...

Add Yahoo as a preferred source to see more of our stories on Google. Millions of WordPress sites have received a forced patch over the past few days, Ars Technica has reported. The reason is a ...