Bleeping Computer

WordPress plugin flaw puts users of 20,000 sites at phishing risk

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. 'WP HTML ...
CSOonline

Critical plugin flaw opens over a million WordPress sites to RCE attacks

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.
TechRadar

50,000 WordPress site affected in major plugin security flaw - here's how to stay safe

Critical bug in ACF: Extended WordPress plugin allows arbitrary role escalation to administrator About 50,000 WordPress sites are vulnerable despite patch in version 0.9.2.2 No exploitation reported ...