Searchenginejournal.com

WordPress Plugins Compromised At The Source – Supply Chain Attack

Typically what happens is that a plugin contains a weakness (a vulnerability) that allows an attacker to compromise individual sites that use that version of a plugin. But these compromises are ...
Bleeping Computer

WordPress security plugin WP Ghost vulnerable to remote code execution bug

Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. WP Ghost is a popular ...
Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
The Verge

The latest on the WordPress fight over trademarks and open source

In late September, Automattic CEO and WordPress cofounder Matt Mullenweg started a public dispute with the hosting provider WP Engine, calling the company “a cancer to WordPress.” He accused WP Engine ...
InfoWorld

The makers and takers of WordPress

The idea of open-source software seems kind of nuts. Millions (billions?) of lines of code doing all kinds of amazing things and available for free? That sounds too good to be true. But it is true.