TechRadar

This popular WordPress security plugin has a worrying flaw which exposed user data

WordPress plugin flaw let low-privileged users access sensitive server files and credentials CVE-2025-11705 affects plugin versions 4.23.81 and earlier; patch released October 15 About 50,000 sites ...
Bleeping Computer

WordPress plugin flaw puts users of 20,000 sites at phishing risk

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. 'WP HTML ...