WordPress security bulletins

Stay informed with our up-to-date WordPress CVE security bulletins. We cover known Common Vulnerabilities and Exposures (CVEs) affecting WordPress so you can quickly understand potential risks to your site. Our WordPress security experts help identify and remediate vulnerabilities, giving you a trusted resource for tracking security issues and determining whether your website may be affected.

RTMKit Plugin Vulnerability (CVE-2026-8351)

Security Alert Summary The RTMKit plugin for WordPress contains a stored cross-site scripting (XSS) vulnerability in the Advanced Heading widget’s Background Text parameter. Insufficient output escaping of the ‘background_text_heading’ setting…
Read security notice