WPvivid Backup & Migration plugin allows for arbitrary file upload which can lead to remote code execution.

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files ...

After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued. A WordPress plugin vulnerability found in WP Live Chat could allow an attacker ...

A new security vulnerability in the Chaty Pro plugin has been identified, potentially allowing attackers to take over WordPress sites by uploading malicious files. Chaty Pro is a popular WordPress ...

The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution. A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File ...

A critical vulnerability has been identified in the AI Engine plugin for WordPress, specifically affecting its free version with over 50,000 active installations. The plugin is widely recognized for ...

Security researchers found JavaScript code installing four backdoors to WP-powered sites They also found a vulnerable plugin enabling full website takeover There are patches and mitigations for all ...

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute ...