On February 23, 2026, we received a submission for an Arbitrary File Read vulnerability in Smart Slider 3, a WordPress plugin with an estimated more than 800,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-level permissions or higher, to read arbitrary files on the server, which may contain sensitive information. … Read more
The second Release Candidate (“RC2”) for WordPress 7.0 is ready for download and testing! This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended that you evaluate RC2 on a test server and site. Reaching this phase … Read more
When WP Engine acquired WPackagist on March 12, the WordPress developer community faced a familiar question: what happens when critical open source infrastructure ends up under corporate control? The community already had an answer in progress. Four days later, WP Packages (formerly WP Composer) launched as a fully independent, community-funded alternative, with some neat additional … Read more
The first Release Candidate (“RC1”) for WordPress 7.0 is ready for download and testing! This version of the WordPress software is still under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended to evaluate RC1 on a test server and site. WordPress 7.0 RC1 … Read more
Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our ‘High Threat Vulnerabilities’ list: 2x all high threat vulnerability bounties (excluding 5,000,000+ installs) +30% bonus for high threat vulnerabilities in software with 30,000+ active installs (excluding … Read more
