TechRadar

WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

W3 Total Cache plugin flaw CVE-2025-9501 enables unauthenticated PHP command injection Affects all versions before 2.8.13; ~327,000+ sites remain at risk WPScan PoC exploit set for Nov 24, raising ...
TechRadar

Nearly a million WordPress websites could be at risk from this serious plugin security flaw

WPvivid Backup & Migration plugin vulnerable to critical RCE flaw CVE-2026-1357 Exploitation requires “receive backup from another site” option enabled, with 24 ...