WordPress plugins with critical vulnerabilities, some already under attack

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked.
The Hacker News

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A critical WordPress Modular DS plugin flaw (CVE-2026-23550) allows unauthenticated attackers to gain admin access; patched ...
CSO Online

Modular DS bug hands hackers instant WordPress admin access

Security researchers confirmed in-the-wild exploitations of the mx-severity flaw, allowing unauthenticated actors gain full ...

NotificationX WordPress WooCommerce Plugin Vulnerabilities Impact 40k Sites

An advisory was issued for a WordPress plugin vulnerability that can enable unauthenticated attackers to inject malicious ...
Dark Reading

Jetpack WordPress Plug-in API Bug Triggers Mass Updates

Jetpack, a WordPress plug-in for boosting website security and speed has issued a critical update following a routine audit that turned up a security vulnerability in its API. Jetpack issued an ...
TechRadar

Dangerous WordPress plugin puts over 160,000 sites at risk - here's what we know

Older versions of Post SMTP allowed hackers to read all emails They could also reset the admin password and read the notification email, gaining access to the account More than 160,000 WordPress sites ...

All In One SEO WordPress Vulnerability Affects Over 3 Million Sites

A vulnerability in the AIOSEO plugin affecting up to 3 million installations adds to the six vulnerabilities found in 2025.
Mashable

WordPress drops Twitter social sharing due to API price hike

When users set up a brand new WordPress-powered website, they have long been greeted by a default, introductory post simply titled "Hello world!" But, now it's time for WordPress to say a farewell.