The Hacker News

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.

Ultimate Member WordPress Plugin Vulnerability Affects Up To 200k Sites

A vulnerability in the popular Ultimate Member WordPress plugin enables account takeover by exposing password reset links.
Searchenginejournal.com

How to Choose WordPress Plugins

WordPress plugins are helpful. But they can also slow a site down, invite hackers and even cause a Google penalty. These are my top five considerations when choosing a WordPress plugin. The plugin is ...
Fireship on MSN

Data theft: The dark side of WordPress plugins

A recent attack compromised over 30 WordPress plugins through a backdoor acquired by purchasing the original developers. This ...
Forbes

10 Best WordPress Plugins You Should Have In 2026

Editorial Note: Forbes Advisor may earn a commission on sales made from partner links on this page, but that doesn't affect our editors' opinions or evaluations. In 2024, WordPress is one of the most ...
Search Engine Land

Best WordPress plugins to improve SEO

A look at popular WordPress SEO plugins to boost rankings, improve site speed, and optimize content. Your WordPress site might be packed with great content and stunning visuals, but without proper ...

Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
Security Boulevard

Hackers Exploit Gravity SMTP WordPress Plugin Vulnerability

What happened Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is installed on more than 100,000 WordPress ...