The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that ...

A malicious actor found a struggling WordPress plugin company, bought it, and introduced malware to each product.

Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on ...

Cloudflare created an open-source CMS it calls a "spiritual successor to WordPress" — but WordPress is having none of it. Cloudflare has unveiled EmDash, a new open-source content management system ...

WordPress's massive installed base isn't going anywhere, but many developers and AI agents are not opting for the product for new sites. Will they go for Cloudflare instead? Cloudflare on Wednesday ...

WordPress remains the world’s favourite content management system (CMS), powering more than 43% of all websites globally. Its popularity comes from its flexibility, ease of use and complete control ...

Ally WordPress plugin carried SQL injection flaw (CVE-2026-2413) Vulnerability left ~246,600 sites exposed to data theft Fixed in version 4.1.0; WordPress urges immediate updates A popular WordPress ...

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk Your email has been sent A vulnerability in a widely used WordPress accessibility plugin could allow ...

Tens of thousands of WordPress websites are vulnerable to full site takeover, thanks to a critical-severity vulnerability just discovered in a popular plugin. Security researchers at Defiant reported ...

The Internet Archive and Automattic have teamed up to tackle one of the web’s biggest annoyances: “link rot.” The two companies have released a new WordPress plugin called Link Fixer that ...

WordPress users warned as millions of attacks reported. Updated October 29 with a correction to the WordPress attack statistics: the correct number is 1.6 million attacks in 48 hours. WordPress ...