WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...

An official WordPress.org social media account was used to troll the open source movement to decentralize the WordPress ...

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running ...

WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” resulting from WP Engine’s legal moves. WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” ...

The dispute between WordPress founder Matt Mullenweg and hosting provider WP Engine continues, with Mullenweg announcing that WordPress is “forking” a plug-in developed by WP Engine. Specifically, ...

WordPress is the most popular content management system in the world, arguably because of its ability to become virtually any kind of website users want it to be. This flexibility is made possible by ...

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS). The two ...

The move likely won’t have direct impact on most enterprise users, but indirect impact — which could be just as bad — is a definite possibility. Editor’s note: On Jan. 3, 2025, WordPress.org staff ...