May 2025

50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin

Wordfence released its 2024 WordPress security report and highlighted a PHP Object Injection vulnerability in Uncanny Automator (versions ≤ 6.4.0.1) that allows authenticated users to delete arbitrary files, including wp-config.php. Discovered by researcher mikemyers, it earned a $1,021 bounty. The vulnerability affects over 50,000 installations; a patch (version 6.4.0.2) was released on April 18, 2025. Wordfence Premium users received protection on April 22, 2025, with free users getting it 30 days later. Users are urged to update to the latest version due to this critical vulnerability.

https://www.wordfence.com/blog/2025/05/50000-wordpress-sites-affected-by-php-object-injection-vulnerability-in-uncanny-automator-wordpress-plugin/

82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme

Wordfence's 2024 security report highlights a critical Arbitrary File Upload vulnerability in TheGem WordPress theme (v5.10.3 and below), allowing authenticated attackers to upload malicious files for remote code execution. Discovered by researcher Foxyyy through the Bug Bounty Program, it earned a $1,405 reward. A patch was released on May 7, 2025. Wordfence offers immediate firewall protection for premium users, with a rollout for free users on June 4, 2025. Wordfence urges users to update to version 5.10.3.1 to mitigate this risk.

https://www.wordfence.com/blog/2025/05/82000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-thegem-wordpress-theme/

What Is WordPress VIP? Benefits, Pricing, and Value Explained

WordPress VIP is a managed enterprise hosting platform for high-traffic websites, offering robust security, scalability, and performance optimization tailored for major publishers and organizations like Meta and NASA. It provides key features such as complete hosting management, advanced security protocols, built-in performance optimization, AI-powered content tools, and dedicated support. Custom pricing reflects factors like traffic volume and support needs, making it a cost-effective solution despite higher initial expenses by reducing operational costs and downtime. WordPress VIP is unmatched in its comprehensive service offering versus standard hosting alternatives.

https://jetpack.com/resources/wordpress-vip/

WordPress Security Monitoring: 7-Step Guide With Required Tools

Website growth can lead to hacks due to weak security. This guide outlines security monitoring for WordPress, including its importance, common threats, and best practices. Key steps include installing a security plugin, setting up a firewall, enabling malware scans, automating backups, and monitoring activity logs. Regular audits and updates are vital for ongoing protection against threats like malware, brute force attacks, and SQL injections. For optimal security, Jetpack Security offers comprehensive tools, automating many tasks to ensure safety without requiring extensive technical knowledge.

https://jetpack.com/resources/wordpress-security-monitoring/

How to Add WordPress Post Meta Programmatically (with Code Examples)

TLDR: Managing large amounts of WordPress content can be challenging; adding post meta programmatically aids organization and efficiency. While this is possible without plugins, ACF makes the process user-friendly and scalable. Steps include creating backups, using custom plugins, and testing in safe environments. You can add meta to all posts, specific posts, or create new posts with custom metadata. ACF allows for easy custom field creation and management, which makes it ideal for non-technical teams and improves metadata handling and overall content management.

https://www.advancedcustomfields.com/blog/wordpress-add-post-meta-programmatically/

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 28, 2025 to May 4, 2025)

Wordfence released its 2024 WordPress security report, highlighting 75 vulnerabilities found in 63 plugins and 5 themes last week. Users are encouraged to review these vulnerabilities to protect their sites. Wordfence Intelligence aims to provide accessible security data, offering tools like a free vulnerability database, API, and scanner for proactive protection. Last week, 38 vulnerabilities were patched while 37 remained unpatched. Most vulnerabilities were of medium severity; the report also credited various researchers for their contributions to WordPress security.

https://www.wordfence.com/blog/2025/05/wordfence-intelligence-weekly-wordpress-vulnerability-report-april-28-2025-to-may-4-2025/
