A security breach in the WordPress context means one of three things: unauthorized access to site files or the database, mass exploitation of a vulnerability across thousands of sites simultaneously, or a supply chain attack where the infection arrives through a trusted update or package. The breaches in this list qualify on at least one…

WordPress powers over 43% of the web. That popularity makes it a prime target. In 2024 alone, security researchers discovered and registered 7,966 new vulnerabilities across WordPress plugins, themes, and core — a 34% jump from 2023. Each one got a CVE. If you run a WordPress site and don’t know what a CVE is,…

A critical vulnerability has been discovered in WP Maps Pro (versions ≤ 6.1.0) that allows unauthenticated attackers to create administrator accounts via the wpgmp_temp_access_ajax AJAX action. This plugin security flaw enables privilege escalation without requiring login credentials, effectively allowing remote attackers to take full control of affected WordPress sites. Site administrators using WP Maps Pro…

In May 2026, security researchers disclosed over 500 WordPress plugin vulnerabilities, including 28 critical issues, 118 high-severity flaws, and 344 medium-risk vulnerabilities. The high number of critical issues points to a clear pattern: attackers and researchers continue to uncover severe flaws in unauthenticated privilege escalation, arbitrary file uploads, and authentication bypass mechanisms. Most vulnerabilities now…

A critical authentication bypass in the Hippoo Mobile App for WooCommerce plugin lets unauthenticated attackers seize administrator accounts with a single API call. No credentials required. A severe security flaw in the Hippoo Mobile App for WooCommerce plugin gives any anonymous attacker administrator-level access to affected WordPress sites. No username. No password. Just a single…

A major security flaw has shaken up the WordPress community. Security researchers found a critical zero-day vulnerability, tracked as CVE-2026-8365, in the popular Blocksy WordPress theme. Blocksy is a favorite choice for digital agencies and large business websites because it is fast and highly customizable. However, if you are running Blocksy version 2.1.41 or older,…