A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data ...

Critical vulnerability affecting a WordPress user registration and membership plugin enables attackers to take full control of a website.

Ally was carrying an SQL injection flaw that allowed data exfiltration.

Wordfence published an advisory on a vulnerability in the LatePoint – Calendar Booking WordPress Plugin that makes it possible for authenticated attackers with Agent-level access and above to gain ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

Hackers exploit a critical WordPress plugin flaw that allows creation of administrator accounts without authentication.

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than ...

A vulnerability in the Ally WordPress plugin exposes over 200,000 websites to sensitive information disclosure via SQL queries.

A popular WP plugin can be abused to take over websites and thousands of sites are vulnerable.