TechRadar

This popular WordPress security plugin has a worrying flaw which exposed user data

WordPress plugin flaw let low-privileged users access sensitive server files and credentials CVE-2025-11705 affects plugin versions 4.23.81 and earlier; patch released October 15 About 50,000 sites ...
Searchenginejournal.com

WordPress Boots Pirated Themes and Plugins

WordPress.org announced that plugins and themes that are pirated versions of paid plugins and themes will be removed from the official WordPress repositories. The WordPress community debated if that ...
Bleeping Computer

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity Forms is a custom form builder website owners use ...
Searchenginejournal.com

WordPress Takes A Bite Out Of Plugin Attacks

WordPress announced over the weekend that they were pausing plugin updates and initiating a force reset on plugin author passwords in order to prevent additional website compromises due to the ongoing ...

Cloudflare made a WordPress for AI agents

Cloudflare, the cloud provider that connects millions of sites to the internet, wants to “fix” another digital giant: ...