Searchenginejournal.com

WordPress Plugins Compromised At The Source – Supply Chain Attack

Typically what happens is that a plugin contains a weakness (a vulnerability) that allows an attacker to compromise individual sites that use that version of a plugin. But these compromises are ...
Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
ZDNet

How I used ChatGPT to analyze, debug, and rewrite a broken plugin from scratch - in an hour

I am not a morning person, yet my alarm goes off at 5:30 am every day. This is because the editorial team I work with is on the East Coast, and I'm in Oregon. I do a quick check of email and Slack to ...
Bleeping Computer

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. The flaw leveraged in the ...
InfoWorld

The makers and takers of WordPress

The idea of open-source software seems kind of nuts. Millions (billions?) of lines of code doing all kinds of amazing things and available for free? That sounds too good to be true. But it is true.
ZDNet

What WordPress users need to know about the Automattic and WP Engine conflict

A long, long time ago, I built websites by hand using the vi editor to write HTML. It was hard. Then along came NoteTab and Bluefish, which made writing and editing HTML easier but still a pain.
TechSpot

Automattic and WP Engine go to war, the latter gets banned from using WordPress.org resources

A hot potato: The ongoing drama over WordPress and copyright is heating up. Automattic wants WP Engine to pay for using WordPress open-source technology. However, the hosting service demands that the ...