Dark Reading

WP Engine Accuses WordPress of 'Forcibly' Taking Over Its Plug-in

Organizations using WordPress plug-in Advanced Custom Fields (ACF) are in the middle of an ugly and very public dispute between WP Engine (WPE), the maker of the plug-in, and Matt Mullenweg, the ...

Hackers exploit WordPress plugin security flaw exposing 40,000 websites to complete takeover risk - here's how to stay safe

In its write-up, Patchstack said the flaw is already being exploited in the wild, and that first attacks were detected on ...
Ars Technica

Critical WordPress plugin vulnerability under active exploit threatens thousands

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...
Fast Company

WordPress veterans launch FAIR project to tackle security and control concerns

The recent travails of WordPress have caused consternation among the web community that relies on the platform, which powers more than four in ten websites online today. Now, a coalition of prominent ...
Searchenginejournal.com

WordPress Just Locked Down Security For All Plugins & Themes

WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...
Tech.co

Study Reveals Huge WordPress Security Issues

WordPress may be one of the most popular website builders in the world, but a recent study found that it’s plagued with a wide range of substantial security vulnerabilities that never get patched.
Bleeping Computer

Fake WordPress security advisory pushes backdoor plugin

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The campaign has been ...