On July 18th, 2025, we received a submission for an Arbitrary File Upload vulnerability in AI Engine, a WordPress plugin with more than 100,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover. Please note that this vulnerability only critically affects users who have enabled the “Public API” option in the settings, which is disabled by default, and have not configured authentication for the API.
Choosing the right CSS units is more than a technical detail. It’s what helps your design stay consistent, flexible, and responsive across all devices. Pixels may seem like the easy option, but they don’t always behave predictably on different screens. In this post, we’ll explain the difference between absolute and relative units, and show how …
Divi empowers you to build the best websites possible, and now, Divi Quick Sites takes website creation to a whole new level. This revolutionary tool lets anyone, regardless of skill level, generate a complete website in under two minutes! Divi Quick Sites provides everything you need to launch your dream website instantly. You can choose …
Divi empowers you to build the best websites possible, and now, Divi Quick Sites takes website creation to a whole new level. This revolutionary tool lets anyone, regardless of skill level, generate a complete website in under two minutes! Divi Quick Sites provides everything you need to launch your dream website instantly. You can choose …
On May 30th, 2025, we received a submission for an Arbitrary File Upload via Plugin Installation vulnerability in Alone, a WordPress theme with more than 9,000 sales. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover. The vendor released the patched version on June 16th, 2025, and we publicly disclosed this vulnerability on July 14th, 2025. Our records indicate that attackers started exploiting the issue on July 12th, 2025, before we disclosed the vulnerability. The Wordfence Firewall has already blocked over 120,900 exploit attempts targeting this vulnerability.
Flexible and responsive websites are crucial, especially in the fast-evolving world of WordPress. Modern websites must adapt seamlessly across various screen sizes, from widescreen desktops to compact mobile screens. Divi 5 is a complete core rewrite of Divi 4, designed with speed, performance, and flexibility in mind. At the heart of this transformation is Divi …
Font updates can be a headache. Change a title font, and suddenly, you’re tracking down every spot it appears. Miss a heading or two, and your design immediately feels off. Manually updating fonts invites inconsistency. Divi 5 solves this with font variables and presets. Instead of chasing down every instance, you can set your fonts …
You’ve probably seen various CSS units in web code before, but understanding how they work lets you use them more intentionally. In this post, you’ll learn what CSS units really are, how they affect your layouts, and how using them inside Divi 5 helps you design more responsively. Divi 5 brings native support for CSS …
Today, we introduce Loop Builder Divi 5, which allows you to construct looping post-based and term-based content using any Divi element. Divi’s loop builder is unique in its freedom; you can loop anything without being restricted to a static loop module or container. Build your looping element, then customize your query using various convenient options …
On June 24th, 2025, we received a submission for an Arbitrary File Upload and an Arbitrary File Deletion vulnerability in HT Contact Form, a WordPress plugin with more than 10,000 active installations. The arbitrary file upload vulnerability can be used by unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover. The arbitrary file deletion vulnerability can be used by unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can also make a site takeover possible.
Presets are one of the most powerful tools in Divi 5, and the Attribute Management feature makes them even better. You can now copy, paste, reset, and manage presets more easily across modules, rows, and sections without starting from scratch. Whether you’re building a design system or refining a layout, Attribute Management helps you stay …
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! Last week, …Read More
With Divi 5, building stunning, professional websites is easier than ever. With features like Nested Rows and Module Groups, you can create advanced card layouts and reuse them throughout your site with just a few clicks. Divi 5 introduces a modernized codebase and improved performance, perfect for building complex layouts. These new features will enable you …
Divi empowers you to build the best websites possible, and now, Divi Quick Sites takes website creation to a whole new level. This revolutionary tool lets anyone, regardless of skill level, generate a complete website in under two minutes! Divi Quick Sites provides everything you need to launch your dream website instantly. You can choose …
Divi empowers you to build the best websites possible, and now, Divi Quick Sites takes website creation to a whole new level. This revolutionary tool lets anyone, regardless of skill level, generate a complete website in under two minutes! Divi Quick Sites provides everything you need to launch your dream website instantly. You can choose …
If you want to attract visitors with dynamic pop-ups, toggles, and scroll effects without a plugin or custom CSS, you’ll love one of the latest Divi 5 Public Alpha feature releases. Interactions in Divi 5 allow Divi users to create engaging, interactive elements inside the Visual Builder. In this post, we’ll dive into everything you need …
If you’ve ever tweaked colors, padding, or fonts one module at a time, you’ve probably realized how slow, error-prone, and boring manual style changes can be. Divi 5 introduces a smarter way to handle it. With Design Variables and Find And Replace, you can update static styles across your layout and build a reusable design …
Divi 4’s Extend Styles was a step toward easier design. It let you take one element’s style and apply it to other elements on your page. Extend Styles covered the basics: colors, fonts, spacing, you name it. But it only worked for style-based attributes, hence the name. Divi 5 brings a surgical upgrade called Extend …
Most ecommerce platforms bundle costs you can’t control For midmarket and enterprise businesses, strategic cost control of both hosting and technical capability is paramount for consistent growth. The ability to scale your technology stack to match your business phase is a major advantage in controlling long-term costs. The beauty of open source software lies in …
The Divi 5 Public Alpha is available for use on new websites. If you use Divi 5, you’ll notice an update notification for Public Alpha Version 19. We release new Divi 5 versions every two weeks, and it gets better each time. If you haven’t tested Divi 5 yet, try it and let us know …
We sat down with the Brodo team — chef and founder Marco Canora and CEO Andrew Garner — at Marco’s East Village, Manhattan restaurant, Hearth, in late 2024 to learn more about their business. We discussed how Brodo started, where it’s going, and how WooCommerce has helped them along the way. The following video is …
Building websites often feels like repeating the same tedious tasks over and over. You create the perfect button style, then spend hours manually recreating it across your entire site. Divi 5’s Attribute Manager fixes this workflow problem by letting you copy specific styles between any modules instantly. These nine techniques will change how you work, …
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per vulnerability. Submit bold. Earn big! Last week, …Read More
A better checkout. One-click buying. More local payments. We’ve updated some of the core WooCommerce capabilities to help you customize without code, convert more customers, and stay flexible with the world’s best open source ecommerce platform. Boost conversions with modular, modern checkout It’s faster, simpler, and converts 61% higher on desktop than using shortcode. The …
Meet Divi Assistant by Pee‑Aye Creative. This third-party plugin adds over 130 tools for accessibility, styling, UI upgrades, and dozens of user‑requested features to enhance your Divi workflow. Shaped by real user feedback, chances are the feature you’ve been wishing for is already included. Divi Assistant is available for Divi 4, but it’s also in …
Meet Anthony Whitefield, the creative mind behind Agnikii Digital, a thriving digital agency based in Gloucester, UK. With services ranging from web design and development to SEO and brand strategy, Anthony’s team helps businesses build compelling online presences that drive results. His journey started with a passion for visual storytelling and evolved into a full-fledged …
WordPress 6.8.2 is now available! This minor release includes fixes for 20 Core tickets and 15 Block Editor issues. For a full list of bug fixes, please refer to the release candidate announcement. WordPress 6.8.2 is a short-cycle maintenance release. More maintenance releases may be made available throughout 2025. If you have sites that support …
wordfence.com
elegantthemes.com
woocommerce.com
themify.me
