The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.

CISA gives feds 4 days to patch actively exploited cPanel plugin flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their ...
MyHorryNews

MotoPress Hotel Booking 6.0 Brings Booking.com-Level Property Management to WordPress

Managing online reservations, availability calendars, and payment processing has traditionally required property managers and vacation rental owners to navigate multiple interfaces. MotoPress ...
Tech Times

WordPress 7.0 Ships AI Agent Infrastructure: API Key Theft Risk Surfaces on Launch Day

WordPress 7.0 “Armstrong,” released May 20, 2026, arrived without the real-time collaborative editing feature that had been ...
Searchenginejournal.com

CleanTalk WordPress Plugin Vulnerability Threatens Up To 200K Sites

An advisory was issued for a critical vulnerability rated 9.8/10 in the CleanTalk Antispam WordPress plugin, installed in over 200,000 websites. The vulnerability enables unauthenticated attackers to ...
theregister

From browser brat to backend boss: Will WASM win the web wars?

OPINION Beginning in 1995 and for decades after, JavaScript was the only game worth playing when it came to web-based scripting. While incredibly versatile, JavaScript had its limitations, especially ...