Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data ...

WordPress launches an in-browser website creator

As noted by WordPress, the private sites created using its in-browser workspace “aren’t optimized for traffic, discovery, or ...

Another worrying WordPress plugin security flaw could put 250,000 websites at risk

Ally was carrying an SQL injection flaw that allowed data exfiltration.

Hackers exploiting WordPress membership plugin bug to create admin accounts

A popular WP plugin can be abused to take over websites and thousands of sites are vulnerable.

Builderius WordPress Page Builder Integrates Claude AI

Builderius page builder announced an experimental AI integration that can read and apply changes directly inside the builder.
Bleeping Computer

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025–8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions ...
tech2geek

How to Add Google reCAPTCHA to Your WordPress Comment Form (Step-by-Step)

Imagine waking up enthusiastically ready to connect with your audience in the comments section, only to find it overwhelmed with irrelevant links, gibberish, and deceptive scams. Dealing with spam can ...
CSOonline

Formerly legitimate Polyfill.io domain abused to serve malicious code

A site formerly used to host a service geared towards adding JavaScript polyfills to web pages to ensure compatibility with older browsers is being abused to serve malicious scripts as part of a ...