ZDNet

PHP Everywhere code execution bugs impact thousands of WordPress websites

Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in ...
Threat Post

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...
Searchenginejournal.com

WordPress Developer Publishes Code To Block Mullenweg’s Web Hosting Clients

A prolific WordPress plugin publisher who has created over three dozen free plugins has released code that other plugin and theme publishers can use to block client’s of Matt Mullenweg’s WordPress.com ...
Ars Technica

Wix gets caught “stealing” GPL code from WordPress

Last Friday, Automattic founder Matt Mullenweg—the founding developer of the WordPress open source blogging and content management platform—posted an open letter on his personal blog accusing the ...
techtimes

Vibe Coding Meets WordPress: From Prototype Vibing to Production & Beyond

Vibe coding is the newest phase of web creation: you describe what you want, the system interprets your intent, and it assembles a site from composable pieces. Think <Hero>, <PricingTable>, ...
Bleeping Computer

WordPress security plugin WP Ghost vulnerable to remote code execution bug

Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. WP Ghost is a popular ...