WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

A critical WordPress plugin flaw allows threat actors to run arbitrary PHP commands, potentially taking over entire websites.
Ars Technica

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...
Bleeping Computer

WordPress.org to require 2FA for plugin developers by October

Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on ...
Threat Post

Critical WordPress Plugin Bug Can Lock Admins Out of Websites

A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors. A pair of security vulnerabilities in the WordPress search engine ...