Erik Kraijenoord On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated 1,700 active installations. The plugin is bundled in multiple premium themes. This vulnerability can be leveraged to execute code remotely. The vendor released the patched version on August 5th, 2025, and we … Read more
State of the Word 2025 brought the WordPress community together for an afternoon that felt both reflective and forward-moving, blending stories of global growth with technical milestones and glimpses of the future. This year also marked the twentieth State of the Word since the first address in 2006, a milestone noted in the WordPress history … Read more
On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by specifying the administrator user role during registration. The vendor released the patched version … Read more
On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged to execute code remotely. Props to dudekmar who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This … Read more
Each WordPress release celebrates an artist who has made an indelible mark on the world of music. WordPress 6.9, code-named “Gene,” honors the American Jazz pianist Gene Harris. A piano veteran, self taught at the age of six, Harris infused mainstream jazz with elements of soul, blues, and gospel, creating a warm, signature sound that … Read more
