WordPress News & Coverage
An authenticated arbitrary file upload vulnerability affecting Slider Revolution 7.0.0 to 7.0.10 has been patched in version 7.0.11. This flaw allowed subscriber-level users to achieve remote code execution.
WordPress.org has closed 31 plugins due to a backdoor planted post-acquisition on Flippa. The malicious code remained dormant for eight months before activation.
154 vulnerabilities were disclosed last week across 118 plugins and 23 themes. Wordfence tools help users monitor and patch risks effectively.
A critical vulnerability in Ninja Forms – File Upload plugin is actively exploited, affecting 50,000 WordPress sites. Update to version 3.3.27 immediately.
Critical RCE vulnerability in Kali Forms plugin actively exploited since March 20, 2026. Over 312,200 attacks blocked by Wordfence. Update to version 2.4.10 immediately.
Wordfence's latest report reveals 54 vulnerabilities across 49 WordPress plugins, with 52 patched. XSS leads vulnerabilities, highlighting security risks.
Many WordPress hosts misuse 'enterprise-ready,' focusing on traffic instead of governance and security. Here's what truly defines enterprise hosting.
A critical vulnerability in Ninja Forms – File Upload plugin exposes 50,000 WordPress sites to remote code execution attacks. Update to version 3.3.27 immediately.
Wordfence Intelligence reports 106 vulnerabilities in WordPress plugins and themes last week, with high-threat bug bounty rewards available until April 6.
A vulnerability in MW WP Form plugin affects 200,000 WordPress sites, risking file moves like wp-config.php. Update to version 5.1.1 immediately.
