SecurityWeek

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...
Searchenginejournal.com

Essential WordPress Plugins Every Site Should Have

WordPress is the most popular content management system in the world, arguably because of its ability to become virtually any kind of website users want it to be. This flexibility is made possible by ...
Searchenginejournal.com

8 Awesome WordPress Plugins That’ll Make Your Site Mobile-Friendly

WordPress plugins can help make quick work of optimizing your site for mobile visitors. These 8 are good options to try out. The explosion of technology in the 21st century ushered in an era where the ...
Hosted on MSN

This one Obsidian plugin makes the graph feature less overwhelming and actually useful

Obsidian is my favorite note-taking application, bar none, but it has a problem: the graph view, as fun as it is, is practically useless. Even with a relatively small vault, the graph view quickly ...
TechRepublic

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. A web developer discovered dozens of malicious ...
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.