Tag: wordpress
46 articles

WordPress Discloses Core Flaw Enabling Unauthenticated Code Execution
WordPress has patched a critical flaw that allowed hackers to execute code remotely without authentication, releasing versions 6.9.5 and 7.0.2 to fix the vulnerability. The update addresses a REST API batch-route confusion and SQL injection issue that could be triggered by a simple HTTP request.

AI-Powered Tool Discovers Zero-Day in WordPress Plugin
Meet the AI-powered tool that just discovered a zero-day vulnerability in a popular WordPress plugin, and learn how its automated pipeline can detect and exploit weaknesses in code. This game-changing technology can extract sensitive data, like password hashes and secret tokens, from live databases.

WordPress Plugins Backdoored in ShapedPlugin Supply Chain Attack
A recent supply chain attack on ShapedPlugin compromised the updates for several WordPress plugins, including Product Slider Pro for WooCommerce, injecting backdoor code that could give attackers full control of affected sites. This severe vulnerability, rated 10.0 on the CVSS scale, highlights the importance of staying vigilant about plugin updates and security.

Hackers Exploit Gravity SMTP Plugin Bug to Expose API Keys
Malicious hackers are racing to exploit a vulnerability in the Gravity SMTP plugin, which has been installed on around 100,000 WordPress sites, to get their hands on sensitive API keys. Over 17 million exploit attempts have already been blocked by Wordfence, highlighting the urgent need for site owners to update to version 2.1.5.

Hackers Exploit Gravity SMTP Plugin Bug on 100,000 WordPress Sites
A critical bug in the Gravity SMTP plugin is being exploited by hackers on over 100,000 WordPress sites, putting sensitive information at risk. Update to version 2.1.5 or later to patch the vulnerability.

Law Enforcement Disrupts SocGholish Malware Network, Cleans 15,000 WordPress Sites
In a major win for cybersecurity, an international team of law enforcement agencies has dismantled a notorious malware network, freeing 15,000 WordPress sites from infection and dealing a significant blow to cybercriminals. This decisive action is just the beginning, with authorities vowing to continue the fight against botnets and cybercrime.

Law Enforcement Disrupts SocGholish Botnet Linked to Evil Corp
In a major win for cybersecurity, an international coalition of law enforcement agencies has dismantled the notorious SocGholish botnet, liberating nearly 15,000 compromised WordPress sites and taking down 106 servers and domains used by cybercriminals. This bold operation has effectively cut off the cybercrime gang's access to thousands of infected computer systems.

WordPress Plugins Compromised to Deploy Hidden Backdoors
Over 1.2 million WordPress sites are potentially at risk after a security breach compromised three popular plugins, allowing hackers to secretly install backdoors and gain admin access. The sneaky attack injects malicious code that only kicks in when a logged-in administrator visits the site, putting unsuspecting site owners in the dark.

Hackers Exploit Everest Forms Pro Flaw to Hijack WordPress Sites
More than 29,300 attempted hacks have been blocked by Wordfence, revealing a surge in automated attacks exploiting a critical flaw in the Everest Forms Pro plugin, tracked as CVE-2026-3300. This alarming number highlights the urgent need for WordPress site owners to safeguard against this vulnerability.

Hackers Exploit Everest Forms Pro Flaw to Compromise WordPress Sites
A critical vulnerability in Everest Forms Pro, affecting over 4,000 active WordPress installations, has been exploited by hackers to gain remote code execution, allowing them to take control of sites without authorization. A patch has been released, but sites remain at risk if not updated to version 1.9.13 or later.

Everest Forms Pro Flaw Exploited for Remote Code Execution
A critical flaw in the Everest Forms Pro WordPress plugin, CVE-2026-3300, has been exploited over 29,300 times, allowing attackers to execute remote code on vulnerable sites. This vulnerability was caused by a simple calculation feature that was not properly sanitized, leaving sites open to unauthenticated attacks.

WordPress Sites Targeted in Steam Profile Malware Campaign
A massive malware campaign has infected nearly 2,000 WordPress websites, using a sneaky tactic of hiding command-and-control data within Steam Community profile comments. The attack, first detected in July 2025, has left security experts scrambling to uncover its entry point.

WP Maps Pro Flaw Exploited to Create Admin Accounts
A critical vulnerability in the popular WP Maps Pro plugin, used by over 15,000 WordPress sites, has been exploited to create admin accounts, putting countless websites at risk of complete takeover. This high-severity flaw, tracked as CVE-2026-8732, allows attackers to escalate privileges and gain unrestricted access.

Hackers Exploit WP Maps Pro Bug to Hijack WordPress Sites
In just 24 hours, over 3,600 hacking attempts were made to exploit a critical flaw in the WP Maps Pro plugin, allowing attackers to create admin accounts and log in without a password. This vulnerability, affecting version 6.1.0 and older, puts countless WordPress sites at risk.

Funnel Builder Flaw Exploited for WooCommerce Checkout Skimming
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited, allowing attackers to inject malicious JavaScript into WooCommerce checkout pages and skim sensitive customer info. Over 40,000 online stores using the plugin may be at risk.

Funnel Builder Plugin Exploited to Inject Credit Card Skimmers
A vulnerability in the popular Funnel Builder plugin, used on over 40,000 websites, has been exploited to inject credit card skimmers into WooCommerce checkout pages, putting sensitive payment data at risk. This flaw allows attackers to sneak malicious code into checkout pages, harvesting valuable information from unsuspecting customers.

Avada Builder Flaws Expose WordPress Sites to Credential Theft
A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.

Hackers exploit auth flaw in Burst Statistics WordPress plugin
A critical bug in the Burst Statistics WordPress plugin, affecting 200,000 sites, allows hackers to impersonate administrators and gain unauthorized access. This alarming vulnerability, already showing signs of exploitation, puts countless websites at risk.

Avada Builder Flaws Put 1 Million WordPress Sites at Risk
Two newly discovered flaws in the Avada Builder plugin have put a staggering 1 million WordPress sites at risk, allowing hackers to exploit vulnerabilities and access sensitive server files. This critical security threat highlights the urgent need for site owners to take action and protect their online presence.

WordPress Plugin Exposes 70,000 Sites to Backdoor Vulnerability
A shocking security vulnerability has been uncovered in a popular WordPress plugin, leaving over 70,000 sites open to backdoor attacks that can inject malicious code on demand. The issue was discovered in the Quick Page/Post Redirect plugin, which was infected with a hidden backdoor five years ago.

Compromised Plugin Update Injects Backdoor into WordPress Sites
A widely used WordPress plugin, Smart Slider 3 Pro, was compromised when hackers hijacked its update system to push a poisoned version containing a backdoor, putting over 800,000 active installations at risk. This alarming breach raises critical questions about trust and security in the mechanisms we rely on to protect our online presence.

Hackers Exploit Smart Slider Plugin to Deploy Malicious Code
Hackers have hijacked the update system for the popular Smart Slider 3 Pro plugin, deploying a malicious release that lets them take control of affected websites. This alarming breach highlights the vulnerability of even trusted software update channels to exploitation.

Ninja Forms Flaw Exposes WordPress Sites to Code Execution Risk
A critical vulnerability in the popular Ninja Forms plugin has been discovered, allowing hackers to upload and execute malicious code on WordPress sites without needing login credentials. If you're using Ninja Forms, update to version 3.3.27 immediately to protect your site from remote code execution attacks.

Hackers Exploit Flaw in Ninja Forms WordPress Plugin
A critical vulnerability in the Ninja Forms File Uploads premium WordPress plugin allows hackers to upload malicious files and execute code on your server - putting your entire site at risk. This flaw lets unauthenticated users wreak havoc, making it essential to take immediate action to protect your online presence.