The latest version of Pods is a security release. Hotfixes for various Pods versions are available.

Roger Montti of the Search Engine Journal asked WPScan and Wordfence what site owners need to know about medium level vulnerabilities?

With the help of breakdance XSS any user can trick the admin user to execute PHP code without them knowing it. The code is written by the Editor (or any other user role) and later executed unknowingly by the administrator.

A year ago we were all urged to jump on the passkeys train because it was superior security. In this article the author describes two problems – vendor lock-in and uneven implementation.

A security researcher alerted MainWP that some customer account information had been found in a large dump of compromised accounts. The notification says the accounts may be ones where users reused their credentials on multiple sites. MainWP reset all passwords and are requiring two factor authentication going forward. The account information is logging into the MainWP website, not ones related to connected sites.

An interesting list of steps and code for better securing a WordPress site from a WordPress veteran.

The topic of WordPress security is timely. WordPress 6.5.2 is a security and fix release just dropped.

There has been a lot of discussion about WordPress security and it seemed like the WordPress security posture hasn’t changed much over the years. David McCan discusses this and shares some ideas about how to bring WordPress security in line with current best practices.

Security vulnerabilities were reported for two WordPress page builders – Oxygen and Breakdance. In an unusual move the developers pushed back. This article has the details.