Skip to main content

Tag: wordpress

46 articles

Laptop on a minimalist desk with a potted plant and stack of paper in soft natural light.

WordPress Discloses Core Flaw Enabling Unauthenticated Code Execution

WordPress has patched a critical flaw that allowed hackers to execute code remotely without authentication, releasing versions 6.9.5 and 7.0.2 to fix the vulnerability. The update addresses a REST API batch-route confusion and SQL injection issue that could be triggered by a simple HTTP request.

Analyst 207
Rows of computer equipment and cables in a bright, modern lab with a laptop screen in the foreground.

AI-Powered Tool Discovers Zero-Day in WordPress Plugin

Meet the AI-powered tool that just discovered a zero-day vulnerability in a popular WordPress plugin, and learn how its automated pipeline can detect and exploit weaknesses in code. This game-changing technology can extract sensitive data, like password hashes and secret tokens, from live databases.

Analyst 207
WordPress admin dashboard on laptop with plugin installation page, surrounded by cluttered workspace and office background.

WordPress Plugins Backdoored in ShapedPlugin Supply Chain Attack

A recent supply chain attack on ShapedPlugin compromised the updates for several WordPress plugins, including Product Slider Pro for WooCommerce, injecting backdoor code that could give attackers full control of affected sites. This severe vulnerability, rated 10.0 on the CVSS scale, highlights the importance of staying vigilant about plugin updates and security.

Analyst 207
WordPress dashboard screen with a highlighted API key field and a warning symbol nearby.

Hackers Exploit Gravity SMTP Plugin Bug to Expose API Keys

Malicious hackers are racing to exploit a vulnerability in the Gravity SMTP plugin, which has been installed on around 100,000 WordPress sites, to get their hands on sensitive API keys. Over 17 million exploit attempts have already been blocked by Wordfence, highlighting the urgent need for site owners to update to version 2.1.5.

Analyst 207
Cluttered office desk with laptop showing empty interface, symbolizing WordPress site vulnerability.

Hackers Exploit Gravity SMTP Plugin Bug on 100,000 WordPress Sites

A critical bug in the Gravity SMTP plugin is being exploited by hackers on over 100,000 WordPress sites, putting sensitive information at risk. Update to version 2.1.5 or later to patch the vulnerability.

Analyst 207
Law enforcement officials gather around a podium in a briefing room, dismantling a malware network.

Law Enforcement Disrupts SocGholish Malware Network, Cleans 15,000 WordPress Sites

In a major win for cybersecurity, an international team of law enforcement agencies has dismantled a notorious malware network, freeing 15,000 WordPress sites from infection and dealing a significant blow to cybercriminals. This decisive action is just the beginning, with authorities vowing to continue the fight against botnets and cybercrime.

Analyst 207
Law enforcement officers from multiple countries gather in a government briefing room.

Law Enforcement Disrupts SocGholish Botnet Linked to Evil Corp

In a major win for cybersecurity, an international coalition of law enforcement agencies has dismantled the notorious SocGholish botnet, liberating nearly 15,000 compromised WordPress sites and taking down 106 servers and domains used by cybercriminals. This bold operation has effectively cut off the cybercrime gang's access to thousands of infected computer systems.

Analyst 207
Person sitting at a desk in a well-lit room, with a subtle hint of digital vulnerability.

WordPress Plugins Compromised to Deploy Hidden Backdoors

Over 1.2 million WordPress sites are potentially at risk after a security breach compromised three popular plugins, allowing hackers to secretly install backdoors and gain admin access. The sneaky attack injects malicious code that only kicks in when a logged-in administrator visits the site, putting unsuspecting site owners in the dark.

Analyst 207
A WordPress dashboard screen with a cracked laptop keyboard in the foreground, symbolizing site vulnerability.

Hackers Exploit Everest Forms Pro Flaw to Hijack WordPress Sites

More than 29,300 attempted hacks have been blocked by Wordfence, revealing a surge in automated attacks exploiting a critical flaw in the Everest Forms Pro plugin, tracked as CVE-2026-3300. This alarming number highlights the urgent need for WordPress site owners to safeguard against this vulnerability.

Analyst 207
WordPress website backend dashboard on a laptop screen in a quiet workspace.

Hackers Exploit Everest Forms Pro Flaw to Compromise WordPress Sites

A critical vulnerability in Everest Forms Pro, affecting over 4,000 active WordPress installations, has been exploited by hackers to gain remote code execution, allowing them to take control of sites without authorization. A patch has been released, but sites remain at risk if not updated to version 1.9.13 or later.

Analyst 207
WordPress site backend on laptop with Everest Forms Pro plugin visible.

Everest Forms Pro Flaw Exploited for Remote Code Execution

A critical flaw in the Everest Forms Pro WordPress plugin, CVE-2026-3300, has been exploited over 29,300 times, allowing attackers to execute remote code on vulnerable sites. This vulnerability was caused by a simple calculation feature that was not properly sanitized, leaving sites open to unauthenticated attacks.

Analyst 207
WordPress website backend on a laptop in a cluttered home office setting.

WordPress Sites Targeted in Steam Profile Malware Campaign

A massive malware campaign has infected nearly 2,000 WordPress websites, using a sneaky tactic of hiding command-and-control data within Steam Community profile comments. The attack, first detected in July 2025, has left security experts scrambling to uncover its entry point.

Analyst 207
WordPress dashboard on a laptop screen amidst a cluttered home office, symbolizing vulnerability.

WP Maps Pro Flaw Exploited to Create Admin Accounts

A critical vulnerability in the popular WP Maps Pro plugin, used by over 15,000 WordPress sites, has been exploited to create admin accounts, putting countless websites at risk of complete takeover. This high-severity flaw, tracked as CVE-2026-8732, allows attackers to escalate privileges and gain unrestricted access.

Analyst 207
Person typing on laptop with blurred map interface on screen, symbolizing WordPress site security breach.

Hackers Exploit WP Maps Pro Bug to Hijack WordPress Sites

In just 24 hours, over 3,600 hacking attempts were made to exploit a critical flaw in the WP Maps Pro plugin, allowing attackers to create admin accounts and log in without a password. This vulnerability, affecting version 6.1.0 and older, puts countless WordPress sites at risk.

Analyst 207
Retail checkout counter with a WooCommerce point-of-sale terminal in the foreground and blurred store shelves in the…

Funnel Builder Flaw Exploited for WooCommerce Checkout Skimming

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited, allowing attackers to inject malicious JavaScript into WooCommerce checkout pages and skim sensitive customer info. Over 40,000 online stores using the plugin may be at risk.

Analyst 207
Retail checkout counter with payment terminal and WooCommerce logo, laptop screen blurred with loading animation, hinting…

Funnel Builder Plugin Exploited to Inject Credit Card Skimmers

A vulnerability in the popular Funnel Builder plugin, used on over 40,000 websites, has been exploited to inject credit card skimmers into WooCommerce checkout pages, putting sensitive payment data at risk. This flaw allows attackers to sneak malicious code into checkout pages, harvesting valuable information from unsuspecting customers.

Analyst 207
Web development workspace with laptop and coding materials on desk.

Avada Builder Flaws Expose WordPress Sites to Credential Theft

A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.

Analyst 207
Laptop screen displays WordPress website backend in brightly-lit office setting.

Hackers exploit auth flaw in Burst Statistics WordPress plugin

A critical bug in the Burst Statistics WordPress plugin, affecting 200,000 sites, allows hackers to impersonate administrators and gain unauthorized access. This alarming vulnerability, already showing signs of exploitation, puts countless websites at risk.

Analyst 207
A modern web development environment with a laptop workstation and out-of-focus screen, symbolizing a vulnerable WordPress…

Avada Builder Flaws Put 1 Million WordPress Sites at Risk

Two newly discovered flaws in the Avada Builder plugin have put a staggering 1 million WordPress sites at risk, allowing hackers to exploit vulnerabilities and access sensitive server files. This critical security threat highlights the urgent need for site owners to take action and protect their online presence.

Analyst 207
WordPress site administrator working on laptop in dimly lit server room.

WordPress Plugin Exposes 70,000 Sites to Backdoor Vulnerability

A shocking security vulnerability has been uncovered in a popular WordPress plugin, leaving over 70,000 sites open to backdoor attacks that can inject malicious code on demand. The issue was discovered in the Quick Page/Post Redirect plugin, which was infected with a hidden backdoor five years ago.

Analyst 207
Laptop on cluttered desk displays ominous warning icon on dashboard amidst eerie blue glow, with locked door and small gap…

Compromised Plugin Update Injects Backdoor into WordPress Sites

A widely used WordPress plugin, Smart Slider 3 Pro, was compromised when hackers hijacked its update system to push a poisoned version containing a backdoor, putting over 800,000 active installations at risk. This alarming breach raises critical questions about trust and security in the mechanisms we rely on to protect our online presence.

Analyst 207
Dark computer screen with cracked slider interface, tangled wires, and circuit boards, emitting eerie glow of malicious code.

Hackers Exploit Smart Slider Plugin to Deploy Malicious Code

Hackers have hijacked the update system for the popular Smart Slider 3 Pro plugin, deploying a malicious release that lets them take control of affected websites. This alarming breach highlights the vulnerability of even trusted software update channels to exploitation.

Analyst 207
Shadowy ninja figure looms over broken laptop and scattered code printouts against a cityscape backdrop.

Ninja Forms Flaw Exposes WordPress Sites to Code Execution Risk

A critical vulnerability in the popular Ninja Forms plugin has been discovered, allowing hackers to upload and execute malicious code on WordPress sites without needing login credentials. If you're using Ninja Forms, update to version 3.3.27 immediately to protect your site from remote code execution attacks.

Analyst 207
A cracked padlock surrounded by glowing code patterns with a shadowy figure hunched over a laptop in the distance.

Hackers Exploit Flaw in Ninja Forms WordPress Plugin

A critical vulnerability in the Ninja Forms File Uploads premium WordPress plugin allows hackers to upload malicious files and execute code on your server - putting your entire site at risk. This flaw lets unauthenticated users wreak havoc, making it essential to take immediate action to protect your online presence.

Analyst 207