WordPress Plugin Vulnerabilities

Critical, high‑severity security flaws in widely used WordPress plugins (SQLi, RCE, auth bypass, privilege escalation) are being actively exploited to create admin accounts, deploy backdoors, and take over sites, prompting vendor patches and urgent update and audit recommendations.

List of posts related to this topic

Post Title	Date Published↓	Describes Incident	Feed
Critical WordPress Plugin Flaw Allows Unauthorized Access to Websites	2026-05-14	True	GBHackers Not Subscribed
40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover	2026-05-02	True	securityonline.info Not Subscribed
Critical WordPress Plugin Flaw Lets Attackers Bypass Authentication and Gain Admin Access	2026-04-13	True	cybersecurityNews.com Not Subscribed
Critical WordPress Plugin Bug Allows Authentication Bypass, Admin Takeover	2026-04-13	True	Cyber Press Not Subscribed
WordPress Membership Plugin Flaw Lets Attackers Create Admin Accounts	2026-03-06	True	GBHackers Not Subscribed
WordPress membership plugin bug exploited to create admin accounts	2026-03-05	True	Bleeping Computer Not Subscribed
WordPress Security Alert: Critical Privilege Escalation Flaw in Popular Membership Plugin	2026-03-04	True	securityonline.info Not Subscribed
WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks	2026-02-12	True	cybersecurityNews.com Not Subscribed
WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks	2026-02-12	True	GBHackers Not Subscribed
ACF plugin bug gives hackers admin on 50,000 WordPress sites	2026-01-20	True	Bleeping Computer Not Subscribed
Critical WordPress Plugin Vulnerability Exposes 100,000+ Websites to Privilege Escalation Attacks	2026-01-20	True	GBHackers Not Subscribed
Hackers Actively Exploiting Worpress Plugin Vulnerability to Execute Remote Code	2025-12-04	True	cybersecurityNews.com Not Subscribed
Severe WordPress Plugin Flaw Puts Over 600,000 Sites at Risk of Remote Takeover	2025-07-02	True	Cyber Press Not Subscribed
20,000 WordPress Sites at Risk of File Upload & Deletion Exploits	2025-04-02	True	GBHackers Not Subscribed
Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover	2024-11-18	True	Dark Reading Not Subscribed
Hackers are exploiting critical bug in LiteSpeed Cache plugin	2024-08-22	True	Bleeping Computer Not Subscribed
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks	2024-08-21	True	Bleeping Computer Not Subscribed
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites	2024-05-08	True	The Hacker News Not Subscribed
Hackers exploit LiteSpeed Cache flaw to create WordPress admins	2024-05-07	True	Bleeping Computer Not Subscribed
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites	2024-04-26	True	The Hacker News Not Subscribed
WP Automatic WordPress plugin hit by millions of SQL injection attacks	2024-04-25	True	Bleeping Computer Not Subscribed
WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites	2024-02-27	True	The Hacker News Not Subscribed