Erik Kraijenoord

20,000 WordPress Sites Affected by Backdoor Vulnerability in LA-Studio Element Kit for Elementor WordPress Plugin

by

On January 12th, 2026, we received a submission for a Backdoor vulnerability in the LA-Studio Element Kit for Elementor, a WordPress plugin with more than 20,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to create malicious administrator users. Props to Athiwat Tiprasaharn (Jitlada), Itthidej Aramsri (Boeing777) and Waris Damkham who discovered … Read more

Be Part of WordCamp Asia 2026

by

WordCamp Asia is back in 2026, this time in Mumbai, India, and it’s building on a year that showed just how ambitious and connected the WordPress community has become. Now is the time to get involved. Get your ticket, explore sponsorship opportunities, and help spread the word. Get Your Event Pass Become a Sponsor About … Read more

100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress Plugin

by

On December 10th, 2025, we received a submission for a Privilege Escalation vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by updating the user role on a user action form where a role can … Read more

A New Home for WordPress Education Programs

by

Over the past few weeks, a new space has taken shape on WordPress.org for students who want to learn, build, and contribute. WordPress Education programs bring together initiatives that help students enter the WordPress ecosystem through clear, accessible entry points that lead to real-world practice. With hands-on initiatives and supportive communities, participants can grow new … Read more