Zero-day vulnerability in WordPress YellowPencil Visual CSS Style Editor plugin actively exploited.

We are seeing today a lot of hacked WordPress blogs due to a critical vulnerability in the WordPress YellowPencil Visual CSS Style Editor plugin which has 30,000+ active installations.

WordPress Yuzo Related Posts plugin vulnerability massively exploited.

Hackers are currently actively exploiting a vulnerability in the WordPress Related Posts plugin, which has 60,000+ active installations.

NinjaFirewall (WP Edition) adds PHP backtrace to email notifications.

Starting from version 3.8.3, NinjaFirewall (WP and WP+ Edition) will attach a PHP backtrace to some important email notifications sent to the administrator.

Another day, another zero-day: WordPress Social Sharing Plugin Social Warfare under attack.

A vulnerability in WordPress Social Sharing Plugin – Social Warfare is currently exploited.

Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin.

The popular Easy WP SMTP plugin, which as 300,000+ active installations, was prone to a critical zero-day vulnerability.