The Day a Plugin Update Took Down 100,000 Sites
A supply chain attack on a popular caching plugin silently compromised over 100,000 WordPress sites in 48 hours.…
Tag
wordpress
CVE-2025-7384: PHP Object Injection in Database for Contact Form 7 Plugin (CVSS 9.8)
A critical PHP Object Injection flaw (CVE-2025-7384, CVSS 9.8) in the Database for Contact Form 7, WPforms, and…
WordPress Database Optimization: Clean Up Your Tables for Better Performance
A slow WordPress site often traces back to one hidden cause: database bloat. Over time, your database fills…
The WooCommerce Order Notification Flaw: How a Plugin Exposed 50,000 Stores
The Nightmare Scenario That Became Real Imagine running an online store with 1,000 products. You spent years building…
April 2026 WordPress Vulnerability Roundup: 10 Critical Flaws Patched This Month
April 2026 was a heavy month for WordPress security. Researchers published ten significant CVEs this month. This April…
Critical Arbitrary File Move in MW WP Form Plugin
Introduction The MW WP Form plugin helps WordPress site owners build custom forms. It supports file uploads, data…
CrawlerX Botnet Uses 500,000 Residential IPs to Brute-Force WordPress Sites
A new botnet called CrawlerX is brute-forcing WordPress admin accounts using half a million residential IP addresses. Unlike…
WordPress 6.8.2 Patches Stored XSS in Block Editor
WordPress released version 6.8.2 on April 21, fixing two stored cross-site scripting (XSS) vulnerabilities in the block editor.…
CVE-2026-4119: Authorization Bypass in Create DB Tables Plugin Exposes WordPress Databases
CVE-2026-4119 Create DB Tables. A critical authorization bypass vulnerability affects the Create DB Tables WordPress plugin. The disclosure…
7 WordPress Security Mistakes That Leave Your Site Wide Open
Most WordPress sites get hacked not because of sophisticated attacks, but because of simple mistakes that are easy…