A non-trivial CSV injection vulnerability was discovered in a popular WordPress plugin called Events Manager v5.9.7.1 (active on 100,000+ websites). This makes the users’ machine vulnerable to remote attackers who can execute arbitrary commands on it. In ... (more…)

In part 2 of the Getting Started with Next.js, we connect a headless WordPress CMS to Next.js and pull in blog post content using WPGraphQL... (more…)

I wonder where headless WordPress will land. And by "headless" I mean only using the WordPress admin and building out the user-facing site through the... (more…)

All WordPress developers who want to create a sustainable business selling plugins need to not only take care of development and maintenance, but also moneti... (more…)

This is the story of how I failed to proactively prevent every WordPress blog on the Internet from ever being conscripted into a Mirai-like… (more…)