Bleeping Computer

WordPress REST API Flaw Used to Install Backdoors

Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. On January 26, the WordPress team ...
Bleeping Computer

WordPress Fixes Auto-Update and API Servers Security Flaws

The WordPress team has addressed a security flaw in the API servers responsible for the CMS' update mechanism, which if exploited, would have allowed an attacker to deploy backdoors and malware to 27% ...
The Next Web

Authy releases a WordPress plugin enabling two-factor authentication to better protect against hacking

Authy, the Y Combinator-funded service that aims to better protect data online with two-factor authentication, has released a WordPress plugin so that publishers will feel secure about their blogs. In ...
Searchenginejournal.com

Security Researcher: WordPress 7.0 Could Trigger Rush To Steal AI API Keys

Oliver Sild, founder of Patchstack WordPress security company, shared concerns about the security of AI API keys in WordPress 7.0, sharing that there “will be an absolute rush by hackers to steal API ...
Searchenginejournal.com

Why WordPress 6.9 Abilities API Is Consequential And Far-Reaching

WordPress 6.9, scheduled for release on December 2, 2025, is shipping with a new Abilities API that introduces a new system designed to make advanced AI-driven functionality possible for themes and ...
techtimes

WordPress 7.0 Ships AI Agent Infrastructure: API Key Theft Risk Surfaces on Launch Day

WordPress 7.0 "Armstrong," released May 20, 2026, arrived without the real-time collaborative editing feature that had been its stated centerpiece for months — and within two days of launch, a ...