New WordPress Initiative Will Secure Plugins And Themes

WordPress announced the Protect The Shire initiative to make all plugins and themes in its repositories and directories ...
TechRadar

WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

W3 Total Cache plugin flaw CVE-2025-9501 enables unauthenticated PHP command injection Affects all versions before 2.8.13; ~327,000+ sites remain at risk WPScan PoC exploit set for Nov 24, raising ...
The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.

Attacks on Burst Statistics plugin for WordPress

Attackers are exploiting a critical vulnerability in the WordPress plugin Burst Statistics. It allows for instance takeover.