WordPress News & Coverage
Enterprise digital transformation is a strategic shift integrating technology, culture, and operations at scale. It demands modern tech stacks, strong security, data readiness, and clear business outcomes for success.
Wordfence Intelligence reports 75 new WordPress vulnerabilities disclosed in plugins and themes during May 4–10, 2026, with critical flaws prompting immediate firewall updates.
GravityKit has become the first commercial WordPress plugin company to implement cryptographic signing, enhancing security across nearly 30 plugins on 60,000+ sites.
Wordfence researchers uncovered a critical authentication bypass in the Burst Statistics plugin impacting over 200,000 WordPress sites. Immediate updates to version 3.4.2 are essential to prevent administrator impersonation.
The Avada Builder WordPress plugin with 1 million active sites has critical Arbitrary File Read and SQL Injection vulnerabilities. Immediate patching is essential.
The latest Wordfence Intelligence report reveals 87 WordPress vulnerabilities disclosed last week, with critical patches and new firewall rules deployed to protect sites.
An authenticated arbitrary file upload vulnerability affecting Slider Revolution 7.0.0 to 7.0.10 has been patched in version 7.0.11. This flaw allowed subscriber-level users to achieve remote code execution.
A critical Arbitrary File Upload vulnerability in Breeze Cache plugin is actively exploited, risking remote code execution on 400,000 WordPress sites. Immediate update to version 2.4.5 is vital.
WordPress.org removed the Quick Page/Post Redirect plugin after uncovering a backdoor that allowed malicious updates from an attacker-controlled server for over five years.
Austin Ginder has revealed his fourth WordPress plugin backdoor in a month, exposing ongoing supply chain risks and launching WP Beacon, a new automated backdoor scanner.
