Last week, there were 107 vulnerabilities disclosed in 91 WordPress Plugins and 8 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 43 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Operational efficiency and effective customer-facing processes are top priorities for growing ecommerce businesses. One of the best ways a business can boost these areas is by embracing automation, personalization, and AI. With these methods, businesses are better equipped to tackle the most pressing challenges like scaling sales without expanding teams. Team growth only complicates matters …
We’re excited to announce that the full schedule for WordCamp US 2025 has been published! From August 26–29 in Portland, Oregon, join web creators, innovators, and community leaders for four days of learning, collaboration, and inspiration. This year’s lineup brings together sessions on everything from cutting-edge AI to hands-on workshops, performance, accessibility, design, and the …
Making design updates shouldn’t feel like checking boxes. But too often, even something simple, like changing a button style or updating a font, means editing each module manually. It’s slow, repetitive, and easy to mess up. Divi 5 fixes that with Extend Attributes, an upgraded version of Divi 4’s Extend Styles. It lets you apply …
SQL Injection (SQLi), a vulnerability almost as old as database-driven web applications themselves (CWE-89), persists as a classic example of failing to neutralize user-supplied input before it’s used in a SQL query. So why does this well-understood vulnerability type continue to exist?
In the WordPress space, the WordPress core development team has made a number of database functions available via its API. These functions abstract away all the common use-cases for database queries and intend to do so in a way that prevents SQL injection vulnerabilities from being introduced by the developer.
Following on from the WordPress 6.8.2 maintenance release last month, the included update to the root security certificate bundle has been backported to all branches back to 4.7. This ensures that when your site performs server-side HTTP requests, the most up-to-date information about trusted security certificates is used. Further information can be found on the …
Divi empowers you to build the best websites possible, and now, Divi Quick Sites takes website creation to a whole new level. This revolutionary tool lets anyone, regardless of skill level, generate a complete website in under two minutes! Divi Quick Sites provides everything you need to launch your dream website instantly. You can choose …
From now through September 22, 2025, we’re running our SQLsplorer Challenge, focused on SQL Injection vulnerabilities. During this challenge, we’re expanding the scope of the Wordfence Bug Bounty Program to encourage deeper research into SQL Injection vulnerabilities and broader participation from researchers looking to get started, and we’re adding a 20% bounty bonus for all …
Divi 5 is taking incredible shape, and third-party developers are adopting it en masse. As we get ever closer to Divi 5’s Public Beta, we’re taking time to look at how various Divi Extensions are already adopting the new framework for their products. Today, that spotlight turns to All in One Carousel for Divi. This …
Color sets the tone before a single word is read, but traditional color pickers make it hard to achieve true brand consistency. Instead of precision, you often get guesswork and close-enough approximations. That’s why Divi 5 completely reimagined its color system. In this post, we’ll compare it directly to Divi 4’s color picker and show …
Updating the design of a full layout pack sounds simple until you realize you have to change the same styles across five or six different pages. As these styles are applied as static values, even a small update, like changing the font or adjusting section padding, becomes time-consuming when done page by page. But what …
Pop-ups are a great tool for capturing attention and driving engagement on your website. Whether you want to grow your email list, promote a special offer, or guide visitors towards a specific action, a well-designed pop-up can make all the difference. With the release of Divi 5 Interactions, creating custom, dynamic pop-ups has never been easier. …
WPML 4.8 Beta is now available for testing ahead of the upcoming release of WPML 4.8. This version brings a number of new features, with a big rebranding; WPML AI is now PTC. If you’re currently using WPML on a big, complex website, or developing a new site, we recommend installing WPML 4.8 Beta on …
Divi 5 keeps marching forward. The most obvious signal of its maturity is how third-party extensions adopt it. Today, we’ll put the spotlight on Divi Plus and its compatibility with Divi 5. This add-on is famous for adding many great Modules to your module picker. We will be taking a look at a few Modules …
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! Last week, …
On July 18th, 2025, we received a submission for an Arbitrary File Upload vulnerability in AI Engine, a WordPress plugin with more than 100,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover. Please note that this vulnerability only critically affects users who have enabled the “Public API” option in the settings, which is disabled by default, and have not configured authentication for the API.
Choosing the right CSS units is more than a technical detail. It’s what helps your design stay consistent, flexible, and responsive across all devices. Pixels may seem like the easy option, but they don’t always behave predictably on different screens. In this post, we’ll explain the difference between absolute and relative units, and show how …
On May 30th, 2025, we received a submission for an Arbitrary File Upload via Plugin Installation vulnerability in Alone, a WordPress theme with more than 9,000 sales. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover. The vendor released the patched version on June 16th, 2025, and we publicly disclosed this vulnerability on July 14th, 2025. Our records indicate that attackers started exploiting the issue on July 12th, 2025, before we disclosed the vulnerability. The Wordfence Firewall has already blocked over 120,900 exploit attempts targeting this vulnerability.
Flexible and responsive websites are crucial, especially in the fast-evolving world of WordPress. Modern websites must adapt seamlessly across various screen sizes, from widescreen desktops to compact mobile screens. Divi 5 is a complete core rewrite of Divi 4, designed with speed, performance, and flexibility in mind. At the heart of this transformation is Divi …
Font updates can be a headache. Change a title font, and suddenly, you’re tracking down every spot it appears. Miss a heading or two, and your design immediately feels off. Manually updating fonts invites inconsistency. Divi 5 solves this with font variables and presets. Instead of chasing down every instance, you can set your fonts …
You’ve probably seen various CSS units in web code before, but understanding how they work lets you use them more intentionally. In this post, you’ll learn what CSS units really are, how they affect your layouts, and how using them inside Divi 5 helps you design more responsively. Divi 5 brings native support for CSS …
Today, we introduce Loop Builder Divi 5, which allows you to construct looping post-based and term-based content using any Divi element. Divi’s loop builder is unique in its freedom; you can loop anything without being restricted to a static loop module or container. Build your looping element, then customize your query using various convenient options …