TechRadar

This popular WordPress security plugin has a worrying flaw which exposed user data

WordPress plugin flaw let low-privileged users access sensitive server files and credentials CVE-2025-11705 affects plugin versions 4.23.81 and earlier; patch released October 15 About 50,000 sites ...
Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...
TechRadar

Thousands of WordPress websites hacked via plugin looking to steal user data

Hackers found installing malicious plugins on already compromised WordPress sites When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. A new variant ...