Erik Kraijenoord On April 22nd, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Breeze Cache, a WordPress plugin with an estimated 400,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP backdoors, and achieve remote code execution. The vendor released the fully patched version on April 21st, … Read more
WordCamp US 2026 will take place August 16–19 in Phoenix, Arizona, and applications are now open for sponsors, speakers, and volunteers. WordCamp US is the flagship gathering for the WordPress community in North America, where contributors, builders, and users come together to share ideas and help shape what comes next for the open web. Full … Read more
Here’s how to use the Subscriptions Health Checker in your WooCommerce dashboard to track missing renewals and auto-renewals — with more new features to come!
Selling to EU customers? Here’s what to know about the new withdrawal link requirement in EU Directive 2023/2673.
Last week, there were 157 vulnerabilities disclosed in 122 WordPress Plugins and 27 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more
