WordPress

Wordfence Blog Vulnerability Disclosure WordPress 1d ago

200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin

On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active in...

T1190

Wordfence Blog →

Wordfence Blog Vulnerability Disclosure WordPress 3d ago

200,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in MW WP Form WordPress Plugin

On March 16th, 2026, we received a submission for an Arbitrary File Move vulnerability in MW WP Form, a WordPress plugin with more than 200,000 active instal...

T1190

Wordfence Blog →

SC Media General WordPress 5d ago

Widespread compromise possible with Smart Slider WordPress plugin flaw

BleepingComputer reports that at least 500,000 WordPress sites are vulnerable to attacks involving a medium-severity flaw in the Smart Slider 3 plugin, which...

SC Media →

GBHackers Vulnerability Disclosure WordPress 5d ago

WordPress Plugin Flaw Exposes Sensitive Data Across 800,000+ Sites

A severe security flaw has been disclosed in Smart Slider 3, a highly popular WordPress plugin currently active on more than 800,000 websites. Discovered by ...

GBHackers →

BleepingComputer Vulnerability Disclosure WordPress 6d ago

File read flaw in Smart Slider plugin impacts 500K WordPress sites

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbi...

BleepingComputer →

Wordfence Blog Vulnerability Disclosure WordPress Mar 26

800,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Smart Slider 3 WordPress Plugin

On February 23, 2026, we received a submission for an Arbitrary File Read vulnerability in Smart Slider 3, a WordPress plugin with an estimated more than 800...

Wordfence Blog →

Wordfence Blog Vulnerability Disclosure WordPress Mar 10

400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin

On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active ins...

Wordfence Blog →

Wordfence Blog Vulnerability Disclosure WordPress Mar 9

30,000 WordPress Sites Affected by Authentication Bypass Vulnerability in Tutor LMS Pro WordPress Plugin

On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than ...

T1556

Wordfence Blog →

Exploit Database General WordPress Mar 3

[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution

WordPress Backup Migration 1.3.

Exploit Database →

Recorded Future Campaigns WordPress Feb 18

GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack

GrayCharlie turns compromised WordPress sites into malware delivery machines. Discover how this threat actor chains fake browser updates and ClickFix lures t...

Recorded Future →

Wordfence Blog Vulnerability Disclosure WordPress Feb 10

800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin

On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 activ...

T1190

Wordfence Blog →

Infosecurity Magazine Vulnerability Disclosure WordPress Feb 3

SQL Injection Flaw Affects 40,000 WordPress Sites

40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin

Infosecurity Magazine →

Infosecurity Magazine General WordPress Jan 22

RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites

Security flaw in RealHomes CRM plugin allowed file uploads; patches released for 30,000+ sites

Infosecurity Magazine →

Exploit Database Vulnerability Disclosure WordPress Dec 25

[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection

WordPress Quiz Maker 6.7.

1 IOC

Exploit Database →