Threat Post

WordPress REST API Bug Could Be Used in Stored XSS Attacks

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks. The recently patched WordPress REST API Endpoint vulnerability is ...
Bleeping Computer

WordPress Fixes Auto-Update and API Servers Security Flaws

The WordPress team has addressed a security flaw in the API servers responsible for the CMS' update mechanism, which if exploited, would have allowed an attacker to deploy backdoors and malware to 27% ...
The Next Web

WordPress adds post embedding and REST API integration to its latest version

WordPress, the wildly popular CMS that powers 25 percent of all of the planet’s websites, has received an update with a raft of new features, including the ability to share entire posts on other sites ...
Threat Post

20K WordPress Sites Exposed by Insecure Plugin REST-API

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing ...
Searchenginejournal.com

Why WordPress 6.9 Abilities API Is Consequential And Far-Reaching

WordPress 6.9, scheduled for release on December 2, 2025, is shipping with a new Abilities API that introduces a new system designed to make advanced AI-driven functionality possible for themes and ...