Threat Post

WordPress XSS Bug Allows Drive-By Code Execution

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote ...
Threat Post

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...
The Hacker News

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a ...
The Hacker News

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed ...
Houston Chronicle

How to Remove Google Analytics Code From a WordPress Footer

Google Analytics tracks visitor and keyword information on your website, giving you valuable insight into viewing and search habits. Installing Google Analytics into a WordPress-driven website is easy ...
Ars Technica

Wix gets caught “stealing” GPL code from WordPress

Last Friday, Automattic founder Matt Mullenweg—the founding developer of the WordPress open source blogging and content management platform—posted an open letter on his personal blog accusing the ...
Houston Chronicle

How to Add Form Code to a WordPress Post

HTML form code offers an easy way to insert form items -- text boxes, radio buttons and checkboxes, for example -- to your WordPress site. This allows you to create such features as search boxes and ...