WordPress 6.8.2 Patches Stored XSS in Block Editor
WordPress released version 6.8.2 on April 21, fixing two stored cross-site scripting (XSS) vulnerabilities in the block editor.…
Blog
WordPress Security Checklist 2026: 10 Steps to Harden Your Site
WordPress Security Checklist 2026. Keeping a WordPress site secure in 2026 isn’t about installing a single plugin and…
CVE-2026-4119: Authorization Bypass in Create DB Tables Plugin Exposes WordPress Databases
CVE-2026-4119 Create DB Tables. A critical authorization bypass vulnerability affects the Create DB Tables WordPress plugin. The disclosure…
CVE-2025-4665: Pre-Authentication SQL Injection in CFDB7 Puts 600,000+ WordPress Sites at Risk
A critical SQL injection flaw (CVSS 9.6) in the Contact Form CFDB7 Database Addon plugin allows unauthenticated attackers…
My WordPress Site Was Hacked – Here’s Exactly What to Do
A step-by-step incident response guide for hacked WordPress sites. From locking down access and scanning for malware to…
CVE-2026-0740: Inside the Ninja Forms File Upload Flaw Under Mass Exploitation
On April 6, 2026, Wordfence publicly disclosed a critical unauthenticated arbitrary file upload vulnerability in the Ninja Forms…
Decryption Failure, Full Takeover: Inside the WPvivid Backup RCE (CVE-2026-1357)
A missing return-value check in WPvivid Backup and Migration turned a failed RSA decryption into an unauthenticated remote…
What Are CAA Records and Why Your WordPress Site Should Have Them
CAA records tell the world which Certificate Authorities are allowed to issue SSL certificates for your domain. Here…
Permissions Policy: How to Stop Websites from Accessing Your Camera, Microphone, and More
Permissions Policy lets you control which browser features are allowed on your site - camera, microphone, geolocation, clipboard…
What Is Content Security Policy and Why Your WordPress Site Needs It
Content Security Policy (CSP) is one of the most powerful browser security features available today. Learn what it…