Hackers hijack WordPress sites to spread malware using fake CAPTCHA

A ClickFix attack can come in all shapes and sizes, including through compromised WordPress websites.

WordPress debuts a private workspace that runs in your browser via a new service, my.WordPress.net

WordPress’s new browser-based service lets users create private sites without hosting or signup, turning the platform into a personal workspace for writing, research, and AI tools.
Bleeping Computer

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...

Hackers exploiting WordPress membership plugin bug to create admin accounts

A popular WP plugin can be abused to take over websites and thousands of sites are vulnerable.
IT-Online

WordPress Developer – Gauteng Johannesburg

A long-standing full-service digital marketing and PR agency specializing in driving sales, brand awareness, and online presence, is seeking a WordPress Developer who will handle everything from ...

PoshBuilder AI Enters Beta With Desktop IDE and Self-Hosted CMS Built to Challenge Cursor and WordPress

All-in-One Platform Combines AI-Powered Coding, Visual Building, and Deployable CMS for Modern Web Development LOS ...
Digital Trends

This new WordPress plugin uses the Wayback Machine to help you see fewer dead links

The Internet Archive and Automattic have teamed up to tackle one of the web’s biggest annoyances: “link rot.” The two companies have released a new WordPress plugin called Link Fixer that ...
Forbes

WordPress.org Review 2026: Features, Pros And Cons

Jennifer Simonson is a business journalist with a decade of experience covering entrepreneurship and small business. Drawing on her background as a founder of multiple startups, she writes for Forbes ...
TechRadar

Hackers exploit WordPress plugin security flaw exposing 40,000 websites to complete takeover risk - here's how to stay safe

Patchstack found critical Modular DS flaw (CVE-2026-23550) allowing admin bypass Vulnerability scored 10/10 and is already being exploited in the wild Vendor released fix in version 2.5.2; users urged ...
GitHub

The Async JavaScript plugin for WordPress is vulnerable...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
Infosecurity-magazine.com

Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable

More than 10,000 WordPress sites have been left vulnerable to full site takeover due to three critical security flaws discovered in the HT Contact Form Widget for Elementor Page Builder & Gutenberg ...
SecurityWeek

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover

A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. A vulnerability in the Forminator WordPress plugin could allow attackers ...