WordPress Releases 6.9.4 After Incomplete Security Fixes in Versions 6.9.2 and 6.9.3
WordPress released version 6.9.4 after discovering that earlier updates failed to fully apply fixes for ten security vulnerabilities affecting versions up to 6.9.1.
Critical W3 Total Cache Vulnerability Exposes Over One Million WordPress Sites to Remote Code Execution
A critical vulnerability in the W3 Total Cache WordPress plugin allows unauthenticated PHP command injection, leaving hundreds of thousands of sites exposed. Learn how CVE-2025-9501 works, its risks, and the urgent steps administrators should take to secure their sites.
WPBakery Plugin Vulnerability Could Let Insiders Slip in Malicious Code
A newly disclosed vulnerability in the WPBakery Page Builder plugin allows authenticated users to inject malicious code into WordPress sites. Learn what’s affected, why it matters, and how to secure your site from this stored XSS flaw.
Severe WordPress Plugin Flaws Put 20,000+ Travel Websites at Risk
Two critical vulnerabilities in the WP Travel Engine plugin put over 20,000 WordPress travel sites at risk. Both allow unauthenticated attackers to take full control of websites. Immediate updates are strongly advised.
Critical Vulnerability in WordPress Anti-Spam Plugin Exposes 200,000+ Websites to Attack
Discover the critical vulnerability in the CleanTalk Anti-Spam WordPress plugin, affecting 200k+ sites. Learn how attackers exploit reverse DNS spoofing for unauthorized access and how to secure your site with updates and proactive measures. Stay protected with these essential tips!
