The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
Ars Technica

Hundreds of WordPress sites infected by recently discovered backdoor

Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup ...
Technical

Women/InTech: 50 women talk WordPress, JavaScript, startups

Spun out of a roundtable on sustaining a growth of female technologists, Baltimore’s first Women/InTech conference brought out some 50 women for an entry point into the technology community during ...
The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.
TechCrunch

WordPress to ditch React library over Facebook patent clause risk

Matt Mullenweg, the co-founder of the popular open source web publishing software WordPress, has said the community will be pulling away from using Facebook’s React JavaScript library over concerns ...
Forbes

How WordPress Ate The Internet in 2016... And The World in 2017

WordPress is the most popular CMS in the world and is used by nearly 75 million websites. According to WordPress, more than 409 million people view more than 23.6 billion pages each month and users ...