Nearly a million WordPress websites could be at risk from this serious plugin security flaw

WPvivid Backup & Migration plugin allows for arbitrary file upload which can lead to remote code execution.
Security Boulevard

CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover

CVE-2026-1357 exposes a critical WordPress WPvivid plugin flaw, allowing unauthenticated RCE, enabling attackers to upload PHP files and fully compromise sites. The post CVE-2026-1357: WordPress ...

WordPress plugin with 900k installs vulnerable to critical RCE flaw

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files ...
ZDNet

WordPress deploys forced security update for dangerous bug in popular plugin

The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin. While robust passwords help you secure ...
The Verge

WordPress.org’s latest move involves taking control of a WP Engine plugin

WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” resulting from WP Engine’s legal moves. WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” ...
Bleeping Computer

Linux Foundation unveils decentralized WordPress plugin manager

A collective of former WordPress developers and contributors backed by the Linux Foundation has launched the FAIR Package Manager, a new and independent distribution system for trusted WordPress ...