Threat Post

WordPress WP Live Chat Support Plugin Fixes XSS Flaw

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites. For the second time this month a patch has been ...
CMSWire

Meet EmDash, the Cloudflare CMS and WordPress 'Spiritual Successor'

Cloudflare created an open-source CMS it calls a "spiritual successor to WordPress" — but WordPress is having none of it.
Bleeping Computer

Wordpress Slick Popup Plugin Contains Vulnerable Support Backdoor

Hackers subscribed to WordPress websites running Slick Popup plugin can take over the website by enabling a backdoor administrator account with hardcoded credentials. The vulnerability is active at ...
TechCrunch

WordPress.com owner Automattic acquires an ActivityPub plug-in so blogs can join the Fediverse

WordPress.com sites now have an easier way to integrate with the Fediverse, including Mastodon. Automattic, the company behind WordPress.com, Tumblr and other web publishing tools, is the new owner of ...
The Verge

WordPress now offers official support for ActivityPub

The ActivityPub plug-in is now available for all WordPress.com plans, allowing users to communicate with each other across other federated platforms like Mastodon. The ActivityPub plug-in is now ...

Cloudflare announces secure, open-source, WordPress-compatible CMS - EmDash

Cloudflare has entered the content management market with the early developer preview of EmDash, an open-source CMS ...
Bleeping Computer

Backdoor baked into premium school management plugin for WordPress

Security researchers have discovered a backdoor in a premium WordPress plugin designed as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code ...