Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...
Threat Post

PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE

The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said. Tens of ...
TechRadar

WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

W3 Total Cache plugin flaw CVE-2025-9501 enables unauthenticated PHP command injection Affects all versions before 2.8.13; ~327,000+ sites remain at risk WPScan PoC exploit set for Nov 24, raising ...
Bleeping Computer

Over 90 WordPress themes, plugins backdoored in supply chain attack

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. In total, threat actors compromised 40 themes and 53 ...
The Droid Guy

How to Identify Which WordPress Plugin or Theme Is Blocking Your PHP Update and Preventing a Smooth Upgrade

If you’ve logged into your WordPress dashboard and seen the warning that your site is running on PHP 7.4.33, you’re not alone. This outdated version no longer receives security updates, which makes ...
ZDNet

I asked ChatGPT to write a WordPress plugin I needed. It did it in less than 5 minutes

Not to put too fine a point on it but I'm more than a little freaked out. As an experiment, I asked ChatGPT to write a plugin that could save my wife some time with managing her website. I wrote a ...