WordPress 6.9.2 was released earlier today and addressed 10 security issues. A few users have subsequently reported an issue where the front end of their site was appearing blank after updating to 6.9.2. The issue has been narrowed down to some themes using an unusual approach to loading template files via “stringable objects” instead of … Read more
On December 30th, 2025, we received a submission for an Authentication Bypass vulnerability in Tutor LMS Pro, a WordPress plugin estimated to have more than 30,000 active installations. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site including accounts used to administer the site, if the … Read more
On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes. Props to Drew Webber (mcdruid) who discovered and responsibly reported this vulnerability through … Read more
WordPress 6.9.2 is now available! This is a security release that features several fixes. Because this is a security release, it is recommended that you update your sites immediately. You can download WordPress 6.9.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If you have sites that support automatic … Read more
Triple Threat Bug Bounty Challenge Hunt High Threat vulnerabilities and earn triple the incentives! Now through April 6, 2026, earn three stacked bonuses on all valid submissions from our ‘High Threat Vulnerabilities’ list: 2x all high threat vulnerability bounties (excluding 5,000,000+ installs) +30% bonus for high threat vulnerabilities in software with 30,000+ active installs (excluding … Read more
