Articles
Everything we've published, in reverse order. The Weekend Within roundup ships every weekend. The standalone articles take a closer look at one specific WordPress topic.
Update Burst Statistics now, attackers are already using a site takeover flaw
Burst Statistics users should update to 3.4.2 now. Attackers are already exploiting a critical flaw that can take over a site.
Update Kirki now to stop an account takeover flaw
A Kirki plugin flaw could let attackers take over WordPress accounts, including admins. Update the plugin now.
Update WP Maps Pro now, this bug can hand over your site
A WP Maps Pro flaw lets attackers create admin accounts. If you use the plugin, update to 6.1.1 now.
Issue 3: Update now, lock it down
WordPress 7.0 looks stable. Patch one plugin fast, protect AI keys, and ask your host better questions.
Issue 2: Test 7.0, patch checkout now
WordPress 7.0 lands, AI tools mature, and two security stories call for fast action.
Malware that keeps coming back may be a server breach, not a WordPress bug
If redirect malware returns after cleanup, your server may be compromised outside WordPress.
WordPress 7.0 Adds AI Tools, a New Dashboard, and Better Editing Controls
WordPress 7.0 is a major release with AI tools, a refreshed dashboard, new blocks, and stronger design controls.
Critical FunnelKit flaw lets attackers steal WooCommerce payment data
Attackers actively exploit a FunnelKit flaw to inject payment skimmers into WooCommerce checkout pages.
Issue 1: 7.0 Gets Real
WordPress 7.0 nears launch, AI picks up speed, major plugin flaws surface, and vendor shakeups hit the market.
Update Burst Statistics and Avada Builder Right Away
Burst Statistics has a critical admin bypass. Avada Builder can expose files and database data. Update both plugins now.