Bleeping Computer

Forminator plugin flaw exposes WordPress sites to takeover attacks

The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. The security issue is tracked as CVE-2025-6463 and ...
Ars Technica

Automattic’s “nuclear war” over WordPress access sparks potential class action

The company behind WordPress, Automattic Inc., and its founder, Matt Mullenweg, continue to face backlash over a “nuclear war” started with WP Engine (WPE) that allegedly messed with maintenance and ...
Bleeping Computer

W3 Total Cache WordPress plugin vulnerable to PHP command injection

A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. The vulnerability, tracked as ...

Sneeit WordPress RCE flaw allows hackers to add themselves as admin - here's how to stay safe

A critical flaw in a WordPress add-on was recently patched, which allows crooks to add a rogue admin account to the site.
Hosted on MSN

WordPress vs Squarespace: Which CMS is better in 2025?

WordPress is the world's most popular CMS platform. It powers over 60% of websites globally. But with WordPress.com, you also get managed hosting and maintenance. Squarespace is an all-in-one website ...