70% of WordPress Sites Running Outdated PHP Versions, Leaving Millions Exposed

70% of WordPress Sites Running Outdated PHP Versions, Leaving Millions Exposed

A recent analysis of publicly accessible WordPress installations has revealed a startling reality: a large majority of sites are running PHP versions that are no longer supported, creating a widespread and avoidable security risk. While WordPress itself issues regular updates, the underlying server-side language many sites rely on—PHP—has lagged behind in adoption. The result is an ecosystem where millions of

Critical Flaw in User Registration Membership Plugin (CVE-2026-1492) Lets Attackers Bypass WordPress Authentication

Critical Flaw in User Registration Membership Plugin (CVE-2026-1492) Lets Attackers Bypass WordPress Authentication

A newly disclosed vulnerability in a popular WordPress plugin can allow attackers to log in as administrators without a username or password. Tracked as CVE-2026-1492 and carrying a CVSS v4.0 score of 9.8, the flaw affects all versions of the User Registration Membership plugin up through 5.1.2. The issue was documented in early March 2026 by CYFIRMA researchers and represents