Articles

Jun 22

WordPress 7.1 May Give Your Site a Built-In Content Standards Hub

A merge proposal would add a Knowledge post type and Guidelines feature to WordPress 7.1, giving site owners a built-in place to store editorial rules.

WordPress Updates

Jun 22

The Official WordPress Swag Store Has a New Look

Mercantile, the official WordPress swag store, has been rebuilt on blocks and WooCommerce running WordPress 7.0.

WordPress Updates

Jun 19

Avada Builder has a critical file deletion flaw

Avada Builder users should update now. A patched flaw can let attackers delete server files without logging in.

Jun 19

Issue 6: Bad week for trusted updates

Trusted plugin updates spread malware this week. OptinMonster, TrustPulse, and ShapedPlugin Pro were all compromised. Check your admin accounts now.

5 min

Jun 18

Update Gravity SMTP now, attackers are targeting unpatched sites

Attackers are hitting a Gravity SMTP flaw that can expose email service keys, secrets, and login tokens.

Jun 17

ShapedPlugin Pro updates carried a backdoor

Attackers slipped a backdoor into ShapedPlugin Pro plugin updates sent through the official licensed channel.

Jun 15

Check for rogue admins if you use OptinMonster, TrustPulse, or PushEngage

A supply chain attack tampered with scripts from three marketing plugins and created hidden WordPress admin accounts.

Jun 12

Issue 5: Security got stricter

WordPress added a 24-hour delay before plugin auto-updates. UpdraftPlus patched a site takeover bug. Update now if you ever connected it to UpdraftCentral.

Jun 11

UpdraftPlus fixed a critical site takeover bug

If you use UpdraftPlus and connected it to UpdraftCentral, update now to close a critical admin takeover risk.

Jun 05

Issue 04: Patch now, watch 7.1

Three plugins have critical flaws under active attack. Burst Statistics, Everest Forms Pro, and Kirki all need updating before anything else this week.

Jun 04

Update Everest Forms Pro now, attackers are exploiting a critical bug

Attackers are exploiting a critical Everest Forms Pro bug that can let them take over unpatched WordPress sites.

Jun 03

Update Burst Statistics now, attackers are already using a site takeover flaw

Burst Statistics users should update to 3.4.2 now. Attackers are already exploiting a critical flaw that can take over a site.

Jun 02

Update Kirki now to stop an account takeover flaw

A Kirki plugin flaw could let attackers take over WordPress accounts, including admins. Update the plugin now.

May 29

Update WP Maps Pro now, this bug can hand over your site

A WP Maps Pro flaw lets attackers create admin accounts. If you use the plugin, update to 6.1.1 now.

May 29

Issue 3: Update now, lock it down

WordPress 7.0 had a strong first week. Most sites can update with confidence. WP Maps Pro has a critical flaw that lets attackers create admin accounts.

May 22

Issue 2: Test 7.0, patch checkout now

WordPress 7.0 is out. A critical FunnelKit flaw is stealing payment data from checkout pages. Recurring malware usually means a server breach.

May 21

Malware that keeps coming back may be a server breach, not a WordPress bug

If redirect malware returns after cleanup, your server may be compromised outside WordPress.

May 20

WordPress 7.0 Adds AI Tools, a New Dashboard, and Better Editing Controls

WordPress 7.0 is a major release with AI tools, a refreshed dashboard, new blocks, and stronger design controls.

WordPress Updates

May 16

Critical FunnelKit flaw lets attackers steal WooCommerce payment data

Attackers actively exploit a FunnelKit flaw to inject payment skimmers into WooCommerce checkout pages.

May 15

Issue 1: 7.0 Gets Real

WordPress 7.0 is nearly out. Burst Statistics and Avada Builder both have critical flaws to patch now. The AI plugin for WordPress hits 1.0 this week.

6 min

May 13

Update Burst Statistics and Avada Builder Right Away

Burst Statistics has a critical admin bypass. Avada Builder can expose files and database data. Update both plugins now.