Malicious Plugin Distributes Fake Browser Updates to WordPress Admins
A malicious plugin called "Modern Recent Posts" is targeting WordPress administrators with fake browser update pop-ups that only appear in the wp-admin dashboard. The plugin downloads and executes remote JavaScript from an attacker-controlled domain, affecting at least 28 websites. WordPress site owners should check for this plugin and monitor for suspicious script injections in their admin areas.
#wordpress #security #plugin #vulnerability
► Read more
via @WordPressPulse
A malicious plugin called "Modern Recent Posts" is targeting WordPress administrators with fake browser update pop-ups that only appear in the wp-admin dashboard. The plugin downloads and executes remote JavaScript from an attacker-controlled domain, affecting at least 28 websites. WordPress site owners should check for this plugin and monitor for suspicious script injections in their admin areas.
#wordpress #security #plugin #vulnerability
► Read more
via @WordPressPulse
WordPress Plugin Vulnerabilities & Patches — January 2026
A roundup of critical security vulnerabilities affecting popular WordPress plugins including All in One SEO, Essential Addons for Elementor, The Events Calendar, MetForm, and Fluent Forms. Website owners are advised to update to patched versions immediately, with protection available through the Sucuri Firewall for existing clients.
#wordpress #security #vulnerability #plugin #update
► Read more
via @WordPressPulse
A roundup of critical security vulnerabilities affecting popular WordPress plugins including All in One SEO, Essential Addons for Elementor, The Events Calendar, MetForm, and Fluent Forms. Website owners are advised to update to patched versions immediately, with protection available through the Sucuri Firewall for existing clients.
#wordpress #security #vulnerability #plugin #update
► Read more
via @WordPressPulse
The Latest from Post Status Members
Post Status members have been actively contributing to the WordPress ecosystem with new plugins, tools, and content. Highlights include Satyam Vishwakarma's Contributor Photo Gallery plugin, Birgit Pauli-Haack's Gutenberg Changelog covering versions 21.6 and 21.7, and numerous community initiatives like Tammie Lister's Blocktober challenge and various educational sessions focused on WordPress development and ecommerce.
#wordpress #gutenberg #plugin #community #blocktheme #opensource
► Read more
via @WordPressPulse
Post Status members have been actively contributing to the WordPress ecosystem with new plugins, tools, and content. Highlights include Satyam Vishwakarma's Contributor Photo Gallery plugin, Birgit Pauli-Haack's Gutenberg Changelog covering versions 21.6 and 21.7, and numerous community initiatives like Tammie Lister's Blocktober challenge and various educational sessions focused on WordPress development and ecommerce.
#wordpress #gutenberg #plugin #community #blocktheme #opensource
► Read more
via @WordPressPulse
Twenty Twenty-Seven Default Theme: Call for Volunteers
WordPress is calling for volunteers to help develop the Twenty Twenty-Seven default theme, with Arina Ior selected as the lead designer. The theme will ship with WordPress 7.2, releasing in early December, and interested contributors should apply by March 27th to ensure adequate time for development and iteration.
#wordpress #theme #community #fse
► Read more
via @WordPressPulse
WordPress is calling for volunteers to help develop the Twenty Twenty-Seven default theme, with Arina Ior selected as the lead designer. The theme will ship with WordPress 7.2, releasing in early December, and interested contributors should apply by March 27th to ensure adequate time for development and iteration.
#wordpress #theme #community #fse
► Read more
via @WordPressPulse
Critical WordPress Modular DS Plugin Vulnerability Actively Exploited for Admin Access
A severe unauthenticated privilege escalation vulnerability (CVE-2026-23550, CVSS 10.0) in the Modular DS WordPress plugin affects over 40,000 installations. Attackers can bypass authentication to gain admin access by manipulating request parameters, and active exploitation has been confirmed since January 13, 2026. Users must immediately update to version 2.5.2 or later and check their sites for compromise.
#wordpress #plugin #security #vulnerability
► Read more
via @WordPressPulse
A severe unauthenticated privilege escalation vulnerability (CVE-2026-23550, CVSS 10.0) in the Modular DS WordPress plugin affects over 40,000 installations. Attackers can bypass authentication to gain admin access by manipulating request parameters, and active exploitation has been confirmed since January 13, 2026. Users must immediately update to version 2.5.2 or later and check their sites for compromise.
#wordpress #plugin #security #vulnerability
► Read more
via @WordPressPulse
The Latest from Post Status Members
Post Status members have released numerous WordPress innovations and resources, including new security plugins (Block Logins CF and Form GeoGuard), AI-powered tools like Suggerence Gutenberg, and updates to popular plugins like ProfilePress. The community has also shared educational content on accessibility, content planning, and WordPress development practices.
#wordpress #plugin #security #ai #gutenberg #community
► Read more
via @WordPressPulse
Post Status members have released numerous WordPress innovations and resources, including new security plugins (Block Logins CF and Form GeoGuard), AI-powered tools like Suggerence Gutenberg, and updates to popular plugins like ProfilePress. The community has also shared educational content on accessibility, content planning, and WordPress development practices.
#wordpress #plugin #security #ai #gutenberg #community
► Read more
via @WordPressPulse
What's New in Gutenberg 22.7
Gutenberg 22.7 introduces a new Connectors admin page for managing integrations, adds style variation previews in the editor, and improves the Grid block Visualizer's responsiveness. The Playlist block now includes a WaveForm Player visualizer, enhancing audio content editing capabilities.
#wordpress #gutenberg #update #release #api #blocktheme
► Read more
via @WordPressPulse
Gutenberg 22.7 introduces a new Connectors admin page for managing integrations, adds style variation previews in the editor, and improves the Grid block Visualizer's responsiveness. The Playlist block now includes a WaveForm Player visualizer, enhancing audio content editing capabilities.
#wordpress #gutenberg #update #release #api #blocktheme
► Read more
via @WordPressPulse
How WordPress is Shaping the Future of Education Worldwide
A Jukebox Podcast episode featuring Destiny Kanno from Automattic, Isotta Peira of the WordPress Credits Initiative, and Anand Upadhyay of WordPress Campus Connect discussing how WordPress is being integrated into educational institutions globally. The episode explores education-focused WordPress events, initiatives bringing WordPress to university students, and a program that allows students to earn academic credits through contributions to the WordPress ecosystem.
#wordpress #community #wordcamp #opensource #automattic #tutorial
► Read more
via @WordPressPulse
A Jukebox Podcast episode featuring Destiny Kanno from Automattic, Isotta Peira of the WordPress Credits Initiative, and Anand Upadhyay of WordPress Campus Connect discussing how WordPress is being integrated into educational institutions globally. The episode explores education-focused WordPress events, initiatives bringing WordPress to university students, and a program that allows students to earn academic credits through contributions to the WordPress ecosystem.
#wordpress #community #wordcamp #opensource #automattic #tutorial
► Read more
via @WordPressPulse
Add Automated Unit Tests to Your WordPress Plugin
Learn how to implement automated unit testing in WordPress plugins to ensure code quality and prevent regressions across different WordPress versions and environments. This comprehensive guide covers setting up your test environment, writing unit tests, and integrating continuous testing with GitHub.
#wordpress #plugin #tutorial
► Read more
via @WordPressPulse
Learn how to implement automated unit testing in WordPress plugins to ensure code quality and prevent regressions across different WordPress versions and environments. This comprehensive guide covers setting up your test environment, writing unit tests, and integrating continuous testing with GitHub.
#wordpress #plugin #tutorial
► Read more
via @WordPressPulse
Critical WordPress Plugin Vulnerabilities Expose 250k+ Sites to Data Theft and RCE
Multiple critical security vulnerabilities have been discovered across popular WordPress plugins, including SQL injection flaws in Elementor Ally and remote code execution issues in WPvivid Backup & Migration affecting hundreds of thousands of sites. Attackers are actively exploiting these vulnerabilities to steal data, create unauthorized admin accounts, and gain full server access.
#wordpress #security #vulnerability #plugin #elementor
► Read more
via @WordPressPulse
Multiple critical security vulnerabilities have been discovered across popular WordPress plugins, including SQL injection flaws in Elementor Ally and remote code execution issues in WPvivid Backup & Migration affecting hundreds of thousands of sites. Attackers are actively exploiting these vulnerabilities to steal data, create unauthorized admin accounts, and gain full server access.
#wordpress #security #vulnerability #plugin #elementor
► Read more
via @WordPressPulse
Block Theme Development with WordPress Playground and GitHub
Learn how to streamline block theme development by syncing Site Editor changes to version control using WordPress Playground, the Create Block Theme plugin, and GitHub. This workflow enables designers to use visual tools while maintaining professional version-controlled theme development without manual code extraction.
#wordpress #blocktheme #theme #gutenberg #tutorial #opensource
► Read more
via @WordPressPulse
Learn how to streamline block theme development by syncing Site Editor changes to version control using WordPress Playground, the Create Block Theme plugin, and GitHub. This workflow enables designers to use visual tools while maintaining professional version-controlled theme development without manual code extraction.
#wordpress #blocktheme #theme #gutenberg #tutorial #opensource
► Read more
via @WordPressPulse
Best WordPress Caching Plugins in 2026: An Honest Comparison
> <p>Caching is still one of the most misunderstood performance levers in WordPress. This is my honest breakdown of the best caching plugins in 2026, what each one is actually good at, and how to pick the right one for your specific setup.</p>
> <p>The post "<a href="https://wpmayor.com/wordpress-caching-plugins/">Best WordPress Caching Plugins in 2026: An Honest Comparison</a>" first appeared on <a href="https://wpmayor.com">WP Mayor</a>.</p>
#wordpress #performance
▶ Read more
via @WordPressPulse
> <p>Caching is still one of the most misunderstood performance levers in WordPress. This is my honest breakdown of the best caching plugins in 2026, what each one is actually good at, and how to pick the right one for your specific setup.</p>
> <p>The post "<a href="https://wpmayor.com/wordpress-caching-plugins/">Best WordPress Caching Plugins in 2026: An Honest Comparison</a>" first appeared on <a href="https://wpmayor.com">WP Mayor</a>.</p>
#wordpress #performance
▶ Read more
via @WordPressPulse
#195 – Saumya Majumder on How Cloudflare Outages Impact the Web and WordPress Performance Solutions
> In this episode, Saumya Majumder joins Nathan Wrigley to discuss innovations at BigScoots, focusing on high-performance WordPress hosting and Cloudflare-powered architecture. They unpack the recent global Cloudflare outage, the complexities of internet infrastructure, and Cloudflare’s transparency in response. Saumya explains advanced caching technologies, BigScoots’ direct physical connection with Cloudflare, and their custom cache plugin, highlighting how these developments offer speed, security, and fine-grained control for WordPress users, agencies, and enterprise clients. If you’re curious about how hosting companies manage such advanced caching strategies, and how Cloudflare might fit into the hosting jigsaw, this episode is for you.
#wordpress #plugin #performance #hosting
▶ Read more
via @WordPressPulse
> In this episode, Saumya Majumder joins Nathan Wrigley to discuss innovations at BigScoots, focusing on high-performance WordPress hosting and Cloudflare-powered architecture. They unpack the recent global Cloudflare outage, the complexities of internet infrastructure, and Cloudflare’s transparency in response. Saumya explains advanced caching technologies, BigScoots’ direct physical connection with Cloudflare, and their custom cache plugin, highlighting how these developments offer speed, security, and fine-grained control for WordPress users, agencies, and enterprise clients. If you’re curious about how hosting companies manage such advanced caching strategies, and how Cloudflare might fit into the hosting jigsaw, this episode is for you.
#wordpress #plugin #performance #hosting
▶ Read more
via @WordPressPulse
#181 – Bob Dunn on rebranding Do the Woo and growing openchannels.fm
> In this episode, Nathan Wrigley interviews Bob Dunn about his journey from hosting Do the Woo, a WooCommerce-focused podcast, to launching OpenChannels.fm, a broader podcast network covering the open web, open source, and technology makers. Bob discusses the motivations behind the rebrand, his multi-channel and multi-host format, challenges with managing a growing podcast network, the technical side of production, and the evolving sponsorship model. He shares insights on maintaining flexibility, expanding to new topics and voices, and his ongoing commitment to staying engaged while giving others a platform to host and share content. If you’re interested in open source, podcasting, or building community-driven content, this episode is for you.
#woocommerce #hosting #wordpress
▶ Read more
via @WordPressPulse
> In this episode, Nathan Wrigley interviews Bob Dunn about his journey from hosting Do the Woo, a WooCommerce-focused podcast, to launching OpenChannels.fm, a broader podcast network covering the open web, open source, and technology makers. Bob discusses the motivations behind the rebrand, his multi-channel and multi-host format, challenges with managing a growing podcast network, the technical side of production, and the evolving sponsorship model. He shares insights on maintaining flexibility, expanding to new topics and voices, and his ongoing commitment to staying engaged while giving others a platform to host and share content. If you’re interested in open source, podcasting, or building community-driven content, this episode is for you.
#woocommerce #hosting #wordpress
▶ Read more
via @WordPressPulse
Word Switcher: Extending Core Blocks with WordPress Interactivity API
#wordpress #gutenberg #api #plugin #tutorial
▶ Read more
via @WordPressPulse
A deep dive into building a production-ready WordPress block that creates smooth word-switching animations by combining the Interactivity API, HTML API, and Format API. The article demonstrates how to extend core blocks with custom behavior while maintaining clean code and great editing experiences for content creators.
#wordpress #gutenberg #api #plugin #tutorial
▶ Read more
via @WordPressPulse
Stop WordPress from Creating Extra Cropped Image Sizes
#wordpress
▶ Read more
via @WordPressPulse
<p>Whenever you upload an image to your WordPress site through the media library, it automatically creates and stores multiple additional versions of that image. If your site doesn’t utilize these extra image sizes, they will consume valuable storage space and increase the size of your server backups. In this guide, I’ll walk you through the […]</p>
<p>The post <a href="https://www.wpexplorer.com/stop-wordpress-from-creating-extra-cropped-image-sizes/">Stop WordPress from Creating Extra Cropped Image Sizes</a> appeared first on <a href="https://www.wpexplorer.com">WPExplorer</a>.</p>
#wordpress
▶ Read more
via @WordPressPulse
Seahawk Media Partners with Patchstack to Strengthen WordPress Security
#wordpress #hosting
▶ Read more
via @WordPressPulse
<p>We’re happy to share that Seahawk Media, a large WordPress agency serving businesses and hosting providers worldwide, has started using Patchstack to secure client websites. Seahawk Media specialises in white-label WordPress services for businesses and hosts, including development, maintenance, and ongoing support. Their maintenance plans are used to manage and protect a large number of […]</p>
<p>The post <a href="https://patchstack.com/articles/seahawk-media-partners-with-patchstack-to-strengthen-wordpress-security/">Seahawk Media Partners with Patchstack to Strengthen WordPress Security</a> appeared first on <a href="https://patchstack.com">Patchstack</a>.</p>
#wordpress #hosting
▶ Read more
via @WordPressPulse
WordPress 6.9 assertEqualHTML() Simplifies HTML Testing
#wordpress #plugin #tutorial #api #opensource
▶ Read more
via @WordPressPulse
WordPress 6.9 introduces assertEqualHTML(), a new PHPUnit assertion method for plugin developers that compares HTML semantically rather than literally. This solves fragile tests caused by attribute ordering, whitespace, and formatting differences that don't affect browser rendering.
#wordpress #plugin #tutorial #api #opensource
▶ Read more
via @WordPressPulse
Brian Coords on WooCommerce's Challenges and Innovations
#wordpress #woocommerce #gutenberg #ai #ecommerce #opensource
▶ Read more
via @WordPressPulse
In this Jukebox Podcast episode, WooCommerce developer advocate Brian Coords discusses the platform's evolution, including its recent rebrand and integration with WordPress block-based editing. The conversation covers WooCommerce's competitive landscape against SaaS alternatives, AI investments for store management, and how the ecosystem supports global developers and agencies.
#wordpress #woocommerce #gutenberg #ai #ecommerce #opensource
▶ Read more
via @WordPressPulse
Access Control in WordPress: Authentication vs Authorization
#wordpress #security #plugin #api #restapi
▶ Read more
via @WordPressPulse
This article explains how access control protects WordPress sites by combining authentication and authorization to prevent unauthorized data access. It covers three main access control models and emphasizes why consistent permission checks across all endpoints, APIs, and admin panels are critical for WordPress security.
#wordpress #security #plugin #api #restapi
▶ Read more
via @WordPressPulse
January 2026 WordPress Plugin Security Vulnerabilities & Patches
#wordpress #plugin #security #vulnerability #update
▶ Read more
via @WordPressPulse
Six popular WordPress plugins received security updates in January 2026, addressing broken access control, XSS, and authentication vulnerabilities affecting millions of installations. All vulnerabilities have been virtually patched by Sucuri Firewall, and website owners are advised to update affected plugins including All in One SEO, Essential Addons for Elementor, The Events Calendar, MetForm, and Fluent Forms.
#wordpress #plugin #security #vulnerability #update
▶ Read more
via @WordPressPulse