Plugin Security

(3 articles)

May 15, 2026

Avada Builder Flaws Enable WordPress Credential Theft

Two Avada Builder plugin vulnerabilities affect 1M+ WordPress sites, enabling file reads and SQL injection attacks. Learn what's exposed and how to patch now.

April 23, 2026

Breeze Cache WordPress Plugin File Upload Exploit

CVE-2026-3844 lets unauthenticated attackers upload arbitrary files to WordPress sites running Breeze Cache. 170+ exploits logged. Patch now.

April 15, 2026

WordPress EssentialPlugin Suite Hacked to Push Malware

30+ WordPress plugins in the EssentialPlugin package were backdoored to push malware via updates. Here's what happened and how to protect your site.