🚀 Black Friday Deal! 50% off Developer Plan for 6 months

The latest WordPress security news and insights

Featured articles

21 November, 2024

Unauthenticated Arbitrary File Read Vulnerability in Jobify Theme

                Critical Vulnerability            

                ENVATO            

                File Read            

14 November, 2024

Critical Account Takeover Patched in Really Simple Security Plugin

                Critical Vulnerability            

                account takeover            

                Really Simple Security            

13 November, 2024

Nearly 1000 Plugins Closed During WordPress Security Cleanup

                security            

                bug bounty            

15 April, 2024

How to Use CAPTCHAs on WordPress to Protect Your Site from Bots and Spammers

4 April, 2024

Unpatched Authenticated RCE in Oxygen and Breakdance Builder

                rce            

                oxygen            

                breakdance            

                remote code execution            

                privilege escalation

3 April, 2024

Critical Vulnerabilities Patched in REHub Theme and Plugin

                Critical Vulnerability            

                SQL Injection            

                REHub            

                Local File Inclusion

19 March, 2024

Critical Vulnerabilities Patched in WordPress Automatic Plugin

                SQL Injection            

                Automatic            

                Arbitrary File Download            

                Critical Vulnerability            

                ssrf

12 March, 2024

Critical Vulnerability Found in GOTMLS Plugin

                Critical Vulnerability            

                rce            

27 February, 2024

XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites

                xss            

                LiteSpeed Cache            

26 February, 2024

Understanding XML-RPC in WordPress (What It Is, Security Risks, How to Disable It)

21 February, 2024

Guide to Forcing User Logout in WordPress: When and How

« Previous 1 … 10 11 12 13 14 … 35 Next »

Website security

Pricing For WordPress For WooCommerce For agencies API for hosts Documentation Log in

For plugin devs

Managed VDP

Log in

Active programs Security auditing

Compliance (CRA)

For researchers

Bug bounty

Log in

Guidelines Leaderboard

Learn

Discord

Resources

Vulnerability database Whitepaper 2025

Vulnerability statistics

Case studies

Articles

Patchstack

About Careers Merch store Media kit

Socials

LinkedIn Facebook X

DPA Privacy Policy Terms & Conditions

Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.

Reload page

The latest WordPress security news and insights

Featured articles

Unauthenticated Arbitrary File Read Vulnerability in Jobify Theme

Critical Account Takeover Patched in Really Simple Security Plugin

Nearly 1000 Plugins Closed During WordPress Security Cleanup

Monthly security advice

How to Use CAPTCHAs on WordPress to Protect Your Site from Bots and Spammers

Unpatched Authenticated RCE in Oxygen and Breakdance Builder

Critical Vulnerabilities Patched in REHub Theme and Plugin

Critical Vulnerabilities Patched in WordPress Automatic Plugin

Critical Vulnerability Found in GOTMLS Plugin

XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites

Understanding XML-RPC in WordPress (What It Is, Security Risks, How to Disable It)

Announcing the Patchstack WordPress Security Weekly Newsletter

Critical RCE Patched in Bricks Builder Theme

How To Add Two-Factor Authentication To WordPress

How to Stop WordPress Spam Comments: A Comprehensive Guide

Guide to Forcing User Logout in WordPress: When and How

Website security

For plugin devs

For researchers

Resources

Patchstack

Socials

Website security

For plugin devs

For researchers

Resources

Patchstack

Socials