Bleeping Computer

WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS). The two ...
Bleeping Computer

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. The flaw leveraged in the ...
The Verge

WordPress.org’s latest move involves taking control of a WP Engine plugin

WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” resulting from WP Engine’s legal moves. WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” ...