SecurityWeek

Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover

Many websites exposed to account takeover due to a critical vulnerability in the email delivery WordPress plugin Post SMTP.

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts

Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 ...
Dark Reading

Critical Site Takeover Flaw Affects 400K WordPress Sites

Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and ...

Attacks observed: Vulnerability in WordPress Post SMTP plug-in allows takeover

Attacks are targeting a security vulnerability in the WordPress plug-in Post SMTP. It allows unauthenticated attackers to ...

WordPress Anti-Malware Plugin Flaw Exposes 100K Sites To An Alarming Security Threat

A new threat in is the wild affecting sites that run WordPress, a popular content management system. Wordfence, a company that focuses on security research in the WordPress ecosystem, is reporting ...

Another major WordPress add-on security flaw could affect 10,000 sites - find out if you're affected

King Addons for Elementor, a commercial WordPress plugin that extends the Elementor page builder with extra website builder ...
PensionsAge

Appointments update - 21 May 2025

Scottish Widows has announced the appointment of Oke Eleazu and Maria Herrero-Bullich to its Independence Governance Committee (IGC). Eleazu, a customer service and digital transformation specialist, ...
CSO Online

WordPress plugin hole enables account takeover

What makes this now-patched plugin hole especially dangerous is the lack of authentication needed for an attack, which can ...