Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...
Searchenginejournal.com

Why WordPress 6.9 Abilities API Is Consequential And Far-Reaching

WordPress 6.9, scheduled for release on December 2, 2025, is shipping with a new Abilities API that introduces a new system designed to make advanced AI-driven functionality possible for themes and ...
Bleeping Computer

WordPress REST API Flaw Used to Install Backdoors

Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. On January 26, the WordPress team ...

New WordPress Initiative Will Secure Plugins And Themes

WordPress announced the Protect The Shire initiative to make all plugins and themes in its repositories and directories ...