TechRepublic

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. A web developer discovered dozens of malicious ...
Bleeping Computer

WordPress plugin suite hacked to push malware to thousands of sites

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. A malicious actor planted the backdoor ...
TechSpot

Popular WordPress plugins backdoored after ownership change, putting thousands of websites at risk

A hot potato: WordPress plugins can significantly expand the native capabilities of the popular content management system, but they can also become a double edged sword. When malicious code finds its ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...
TechRadar

WordPress websites under attack — expert report says dozens of plugins hijacked to target thousands of sites

Malicious actor bought 31 WordPress plugins from Essential Plugin Updates injected backdoors, granting full site access Spam campaigns hidden from owners, C2 resolved via Ethereum smart contract A ...
TechCrunch

Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on ...
Infosecurity-magazine.com

Critical Vulnerability in Ninja Forms Exposes WordPress Sites

A critical arbitrary file upload vulnerability in Ninja Forms – File Upload Plugin has been identified, exposing thousands of WordPress sites to potential compromise. The issue affects plugin versions ...
TechRepublic

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in. A vulnerability in a widely used WordPress ...
Searchenginejournal.com

Joost de Valk Exits Federated WordPress Repository Project

Joost De Valk, founder of Yoast SEO, announced that he is stepping away from FAIR, a Linux Foundation project for creating an independent repository of themes and plugins. The FAIR project was ...
ZDNet

I got 4 years of product development done in 4 days for $200, and I'm still stunned

ChatGPT Pro delivers nonstop coding assistance. Context switching, once a bottleneck, disappears. Marketing now takes longer than development. Four years of product development in four days, for $200.
CMS Wire

Crownpeak Launches FirstSpirit Quality Management Tools for Drupal & WordPress

Drupal site governance. Site owners and agencies can streamline compliance, reducing content risk. Crownpeak released new open-source modules for its FirstSpirit product suite that bring its Digital ...