File read flaw in Smart Slider plugin impacts 500K WordPress sites

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server.
GitHub

Generates and reads the wp-config.php file.

# Create standard wp-config.php file. $ wp config create --dbname=testing --dbuser=wp --dbpass=securepswd --locale=ro_RO Success: Generated 'wp-config.php' file. # List constants and variables defined ...
GitHub

EverleeLabs/local-debug-toolkit

A Local addon that gives you tools to debug WordPress sites. Enable debug mode, view the debug log, edit wp-config.php, and modify PHP settings — all per site, right from the Local UI.

WordPress plugin suite hacked to push malware to thousands of sites

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...
Blue Headlineq

30 WordPress Plugins Bought and Backdoored: The 2026 Supply Chain Attack Explained

A 2026 WordPress supply-chain attack allegedly turned 30+ sold plugins into a dormant backdoor operation that hid SEO spam from site owners, persisted beyond a forced update, and exposed deep ...