Skip to main content

Tag: plugin vulnerability

18 articles

WordPress admin dashboard on laptop with plugin installation page, surrounded by cluttered workspace and office background.

WordPress Plugins Backdoored in ShapedPlugin Supply Chain Attack

A recent supply chain attack on ShapedPlugin compromised the updates for several WordPress plugins, including Product Slider Pro for WooCommerce, injecting backdoor code that could give attackers full control of affected sites. This severe vulnerability, rated 10.0 on the CVSS scale, highlights the importance of staying vigilant about plugin updates and security.

Analyst 207
Cluttered office desk with laptop showing empty interface, symbolizing WordPress site vulnerability.

Hackers Exploit Gravity SMTP Plugin Bug on 100,000 WordPress Sites

A critical bug in the Gravity SMTP plugin is being exploited by hackers on over 100,000 WordPress sites, putting sensitive information at risk. Update to version 2.1.5 or later to patch the vulnerability.

Analyst 207
A WordPress dashboard screen with a cracked laptop keyboard in the foreground, symbolizing site vulnerability.

Hackers Exploit Everest Forms Pro Flaw to Hijack WordPress Sites

More than 29,300 attempted hacks have been blocked by Wordfence, revealing a surge in automated attacks exploiting a critical flaw in the Everest Forms Pro plugin, tracked as CVE-2026-3300. This alarming number highlights the urgent need for WordPress site owners to safeguard against this vulnerability.

Analyst 207
WordPress website backend dashboard on a laptop screen in a quiet workspace.

Hackers Exploit Everest Forms Pro Flaw to Compromise WordPress Sites

A critical vulnerability in Everest Forms Pro, affecting over 4,000 active WordPress installations, has been exploited by hackers to gain remote code execution, allowing them to take control of sites without authorization. A patch has been released, but sites remain at risk if not updated to version 1.9.13 or later.

Analyst 207
WordPress site backend on laptop with Everest Forms Pro plugin visible.

Everest Forms Pro Flaw Exploited for Remote Code Execution

A critical flaw in the Everest Forms Pro WordPress plugin, CVE-2026-3300, has been exploited over 29,300 times, allowing attackers to execute remote code on vulnerable sites. This vulnerability was caused by a simple calculation feature that was not properly sanitized, leaving sites open to unauthenticated attacks.

Analyst 207
WordPress dashboard on a laptop screen amidst a cluttered home office, symbolizing vulnerability.

WP Maps Pro Flaw Exploited to Create Admin Accounts

A critical vulnerability in the popular WP Maps Pro plugin, used by over 15,000 WordPress sites, has been exploited to create admin accounts, putting countless websites at risk of complete takeover. This high-severity flaw, tracked as CVE-2026-8732, allows attackers to escalate privileges and gain unrestricted access.

Analyst 207
Person typing on laptop with blurred map interface on screen, symbolizing WordPress site security breach.

Hackers Exploit WP Maps Pro Bug to Hijack WordPress Sites

In just 24 hours, over 3,600 hacking attempts were made to exploit a critical flaw in the WP Maps Pro plugin, allowing attackers to create admin accounts and log in without a password. This vulnerability, affecting version 6.1.0 and older, puts countless WordPress sites at risk.

Analyst 207
Rows of computer servers and storage equipment in a brightly-lit data center with a sense of urgency.

LiteSpeed Plugin Flaw Exploited to Run Scripts as Root

A critical flaw in the LiteSpeed plugin, CVE-2026-48172, is being actively exploited to give cPanel users unlimited power, allowing them to run scripts as root. This severe vulnerability, rated 10.0 on the CVSS scale, puts your online security at risk and demands immediate attention.

Analyst 207
Retail checkout counter with a WooCommerce point-of-sale terminal in the foreground and blurred store shelves in the…

Funnel Builder Flaw Exploited for WooCommerce Checkout Skimming

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited, allowing attackers to inject malicious JavaScript into WooCommerce checkout pages and skim sensitive customer info. Over 40,000 online stores using the plugin may be at risk.

Analyst 207
Retail checkout counter with payment terminal and WooCommerce logo, laptop screen blurred with loading animation, hinting…

Funnel Builder Plugin Exploited to Inject Credit Card Skimmers

A vulnerability in the popular Funnel Builder plugin, used on over 40,000 websites, has been exploited to inject credit card skimmers into WooCommerce checkout pages, putting sensitive payment data at risk. This flaw allows attackers to sneak malicious code into checkout pages, harvesting valuable information from unsuspecting customers.

Analyst 207
Laptop screen displays WordPress website backend in brightly-lit office setting.

Hackers exploit auth flaw in Burst Statistics WordPress plugin

A critical bug in the Burst Statistics WordPress plugin, affecting 200,000 sites, allows hackers to impersonate administrators and gain unauthorized access. This alarming vulnerability, already showing signs of exploitation, puts countless websites at risk.

Analyst 207
Jenkins plugin page on a computer screen shows a warning message with a blurred software development workspace background.

Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack

A rogue version of Checkmarx's Jenkins Application Security Testing plugin was compromised by the TeamPCP hacker group, who left a taunting message in the about section, claiming another supply-chain attack success. The group has been linked to a string of similar breaches, delivering credential-stealing malware.

Analyst 207
Laptop screen displays Jenkins plugin interface with code environment, beside blurred smartphone and sticky notes.

TeamPCP Breaches Checkmarx Jenkins Plugin Again

If you're using the Checkmarx Jenkins AST plugin, make sure you're on a safe footing by using version 2.0.13-829.vc72453fa_1c16 or earlier, published on December 17, 2025, as newer versions may be vulnerable. Checkmarx has since released a patched version, 2.0.13-848.v76e89de8a_053, available on GitHub and the Jenkins Marketplace.

Analyst 207
Software development team works at a continuous-integration workstation with laptop and monitor displaying a plugin…

Checkmarx Plugin Sabotaged in Fresh TeamPCP Intrusion

Checkmarx issued a warning on May 9, 2026, that a tampered version of its Jenkins AST plugin had been released on the Jenkins Marketplace, posing a risk to continuous-integration pipelines. The company quickly responded by urging customers to update to a trusted version, 2.0.13-829.vc72453fa_1c16, to safeguard their systems.

Analyst 207
WordPress site administrator working on laptop in dimly lit server room.

WordPress Plugin Exposes 70,000 Sites to Backdoor Vulnerability

A shocking security vulnerability has been uncovered in a popular WordPress plugin, leaving over 70,000 sites open to backdoor attacks that can inject malicious code on demand. The issue was discovered in the Quick Page/Post Redirect plugin, which was infected with a hidden backdoor five years ago.

Analyst 207
Broken padlock hangs from laptop amidst shattered glass and cityscape of compromised websites.

WordPress Plugin Suite Compromised, Malware Deployed on Thousands of Sites

Thousands of websites have been unwittingly turned into malware gateways due to a massive compromise of over 30 WordPress plugins in the EssentialPlugin package, highlighting a disturbing vulnerability in the internet ecosystem. This security breach has left countless sites exposed, raising urgent questions about accountability and prevention.

Analyst 207
Laptop on cluttered desk displays ominous warning icon on dashboard amidst eerie blue glow, with locked door and small gap…

Compromised Plugin Update Injects Backdoor into WordPress Sites

A widely used WordPress plugin, Smart Slider 3 Pro, was compromised when hackers hijacked its update system to push a poisoned version containing a backdoor, putting over 800,000 active installations at risk. This alarming breach raises critical questions about trust and security in the mechanisms we rely on to protect our online presence.

Analyst 207
Dark computer screen with cracked slider interface, tangled wires, and circuit boards, emitting eerie glow of malicious code.

Hackers Exploit Smart Slider Plugin to Deploy Malicious Code

Hackers have hijacked the update system for the popular Smart Slider 3 Pro plugin, deploying a malicious release that lets them take control of affected websites. This alarming breach highlights the vulnerability of even trusted software update channels to exploitation.

Analyst 207