CSOonline

Critical plugin flaw opens over a million WordPress sites to RCE attacks

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.
Bleeping Computer

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) ...
TechRadar

Top WordPress plugin accused of adding backdoor that could unpublish all your posts

In an attempt to protect its intellectual property from piracy, a WordPress plugin developer implemented a rather controversial solution to one of its products. As a result, the community is up in ...