In May 2026, security researchers disclosed over 500 WordPress plugin vulnerabilities, including 28 critical issues, 118 high-severity flaws, and 344 medium-risk vulnerabilities. The high number of critical issues points to a clear pattern: attackers and researchers continue to uncover severe flaws in unauthenticated privilege escalation, arbitrary file uploads, and authentication bypass mechanisms. Most vulnerabilities now…

A critical vulnerability has been discovered in WP Maps Pro (versions ≤ 6.1.0) that allows unauthenticated attackers to create administrator accounts via the wpgmp_temp_access_ajax AJAX action. This plugin security flaw enables privilege escalation without requiring login credentials, effectively allowing remote attackers to take full control of affected WordPress sites. Site administrators using WP Maps Pro…

WordPress powers over 43% of the web. That popularity makes it a prime target. In 2024 alone, security researchers discovered and registered 7,966 new vulnerabilities across WordPress plugins, themes, and core — a 34% jump from 2023. Each one got a CVE. If you run a WordPress site and don’t know what a CVE is,…

A security breach in the WordPress context means one of three things: unauthorized access to site files or the database, mass exploitation of a vulnerability across thousands of sites simultaneously, or a supply chain attack where the infection arrives through a trusted update or package. The breaches in this list qualify on at least one…