wordfence (@wordfence@mastodon.social)
200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin
An arbitrary file deletion vulnerability in the PerfMatters plugin affects over 200,000 WordPress sites, allowing unauthenticated attackers to delete files such as wp-config.php and potentially trigger site takeover or remote code execution.
Update to PerfMatters version 2.6.0 to patch the issue.
https://youtube.com/shorts/LQm6iXeGcIc
#WordPress #WordPressSecurity #Cybersecurity
Show Original Post
curtismchale (@curtismchale@mastodon.social)
Rate Limiting WordPress AJAX Handlers with Transients
https://sfndesign.ca/rate-limiting-wordpress-ajax-handlers-with-transients
Show Original Post
post (@post@lemmings.world)
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
https://lemmings.world/post/44215310
Show Original Post
adlerweb (@adlerweb@social.adlerweb.info)
#WordPress demonstriert grade wieder, warum automatische Updates ggf. eine dumme Idee sein können. Ein shady Typ hat mehr 30+ Plugins aufgekauft und letzten Oktober neue Versionen veröffentlicht. Vorgeblich um mit neueren WordPress-Installationen kompatibel zu bleiben. Achja, und ne Backdoor war auch mit drin. Vor ein paar Wochen ist die dann aktiv gegangen und hat Code nachgeladen. Inzwischen hat WP die Plugins aus ihrem Paketmanager gelöscht.
https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/
Show Original Post
wpnewsio (@wpnewsio@mastodon.social)
In this blog we will talk about how to easily find vulnerabilities in WordPress plugins using static analysis tools that support PHP (such as Semgrep) and trying out AI Large[…]
#WordPress #Security
https://ift.tt/NkonVqJ
Show Original Post
flatplanet (@flatplanet@mastodon.ie)
#homeserver #upgrades - replacement of CPU, motherboard, and OS disk this week. #Debian #trixie as the base. Aiming to do a bit of a cleanup as I go - ideally #containerising where possible, no VMs
So far;
* Unifi Network Server ❌ AP couldn't find it as a container. Installer script ✅
* #Wordpress ✅ some permissions fiddling required for compose
* #tvheadend ✅ some path fiddling for compose
* #zfs ✅ flawless detection and import
Show Original Post
codemonkeymike (@codemonkeymike@fosstodon.org)
Ok #webDev peeps. I'm so curious your advice here.
What do you use these days to build and manage a simple marketing website that someone non technical could log in and update?
I have a site built in #tailwind and #php and its great, but there is no CMS behind it. #wordpress seems like crazy overkill.
Is there a new open source minimalist CMS out there that people use? What's the new hottness?
Show Original Post
metin (@metin@graphics.social)
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/
#WordPress #WebDev #InfoSec #security #safety #malware #plugin
Show Original Post
talentodigital (@talentodigital@mastodon.social)
Servicios WordPress
Te podemos ayudar creando una web desde cero con WordPress o mejorando la que tienes actualmente.
👉🏻 https://talentodigital.com/servicios-wordpress/
#TalentoDigital #Digitalizar #WordPress #MarketingDigital #TransformaciónDigital
Show Original Post
andyhuey (@andyhuey@mastodon.social)
Content warning:#Linkspam: 510, supplychain, wordpress
RE: https://digipres.club/@dsalo/116399173747163042
I should probably review my #WordPress plugins...
Show Original Post
WordCampCanada (@WordCampCanada@wptoots.social)
💙 What has the WordPress community made possible for you?
Your first WordCamp, first volunteer moment, first contribution, or a connection that helped you grow.
As we build toward WordCamp Canada 2026, share your story and inspire someone’s first step.
#WordCampCanada #WCEH2026 #WordPress
Show Original Post
wordfence (@wordfence@mastodon.social)
Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin
A critical Remote Code Execution vulnerability (CVE-2026-3584, CVSS 9.8) in Kali Forms with 10,000+ active installations is under active attack. Over 312,200 exploit attempts blocked.
Update to version 2.4.10.
#WordPress #WebSecurity #Wordfence
Show Original Post