Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.
Searchenginejournal.com

WordPress Just Locked Down Security For All Plugins & Themes

WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...
Bleeping Computer

Plugins on WordPress.org backdoored in supply chain attack

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running ...
Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
TechPP

WordPress vs. Website Builders: When You Actually Need a Developer

WordPress vs. website builders explained with real differences, costs, customization limits, and when hiring a developer ...