Tag: wordpress
46 articles

Elementor King Addons Exclusive Flaw Hits 10k Sites
A widespread flaw in Elementor King Addons has now affected over 10,000 sites. Find out what went wrong and the quick steps you can take right now to protect your site.

smart contracts Risky: Stunning Malware Supply-Chain Threat
Cybercriminals are hijacking compromised WordPress sites and hiding malware distribution inside blockchain smart contracts — a tactic called EtherHiding that makes takedowns harder and spreads info-stealers like AMOS, Lumma, RADTHIEF and Vidar to Windows and macOS. Protect your site and devices now: patch WordPress, lock down plugins and admin access, and keep endpoints and authentication strong.

Slider Revolution Risky Flaw: Must-Have Patch Guide
A newly disclosed vulnerability in Slider Revolution — found on roughly four million WordPress sites — can expose private files and credentials, so site owners should urgently update or remove bundled copies and scan for signs of unauthorized access. Take immediate steps: apply patches, rotate exposed keys, and use WAF/server rules to block risky endpoints while you audit your sites.

authentication bypass: Critical, Dangerous Exploit
Thousands of WordPress sites are at risk after a critical authentication bypass (CVE-2025-5947, CVSS 9.8) in the Service Finder theme and bundled Bookings plugin is being actively exploited — attackers can log in as any user, including admins. If you run that theme, update or disable it now, audit for signs of compromise, and restore from clean backups if needed.

WordPress themes and plugins: Risky Must-Have Fix
A routine verification prompt can hide a dangerous trap: attackers are hijacking WordPress themes and plugins to inject stealthy JavaScript that redirects visitors to convincing phishing pages. Keep themes and plugins updated, use strong admin controls and a WAF, and vet all extensions to stop these silent, high-impact compromises before they spread.

Paid Memberships Subscription plugin Urgent Exclusive Risk
A critical unauthenticated SQL injection was found in the Paid Memberships Subscription plugin, putting thousands of WordPress membership sites at risk. If you use the plugin, check your version and apply the patch or disable it now to protect user data and memberships.

Security Vulnerability in WordPress Plugin Threatens 600,000 Websites with File Deletion
Security vulnerability in a WordPress plugin exposes 600,000 websites to potential file deletion risks. Update your plugins to safeguard your site.

Vulnerability in Forminator Plugin Poses Takeover Risk for WordPress Sites
Vulnerability in Forminator Plugin exposes WordPress sites to takeover risks. Update now to secure your site against potential threats.

Rogue WordPress Plugin Exploits Malware Campaign to Steal Credit Card Information
Rogue WordPress plugin exploits vulnerabilities to launch a malware campaign, targeting sites to steal credit card information from unsuspecting users.

Exploit of WordPress Motors Theme Leads to Widespread Admin Account Hijacking
Critical vulnerability in WordPress Motors Theme exposes admin accounts to hijacking, prompting urgent security measures for affected sites.

Linux Foundation Launches Distributed Plugin Manager for WordPress
Linux Foundation launches a distributed plugin manager for WordPress, delivering streamlined updates, enhanced security, and improved scalability for modern websites.

PayU Plugin Vulnerability Exposes 5000 WordPress Sites to Account Hijacking
PayU plugin flaw endangers 5000 WordPress sites with account hijacking risks. Secure your site now to prevent unauthorized access.

Critical CVSS 10.0 Vulnerability in Wishlist Plugin Puts Over 100K WordPress Sites at Risk
Critical CVSS 10.0 flaw in the Wishlist Plugin endangers 100K+ WordPress sites—immediate updates required to mitigate potential cyber threats.

Critical Vulnerability in Premium WordPress Motors Theme Enables Admin Takeover Exploits
Critical vulnerability in Premium WordPress Motors theme allows admin takeover exploits. Patch immediately to secure your website.

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts
Hackers exploit OttoKit WordPress plugin flaw to create admin accounts and compromise site security. Patch now to protect your website.

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
OttoKit WordPress Plugin with 100K+ installs hit by exploits targeting multiple flaws. Update now to secure your site.

Malicious WordPress Plugin Grants Remote Administrative Access to Cyber Attackers
Malicious WordPress plugin lets attackers gain remote admin control, exposing sites to unauthorized access, data breaches, and exploitation.

Deceptive WordPress Plugin Poses as a Security Tool While Deploying a Backdoor
Deceptive WordPress plugin masquerades as a security tool, secretly installing a backdoor that compromises vulnerable sites.

Emerging WordPress Threat: Malware Disguising Itself as a Plugin
Emerging WordPress threat: malware disguised as a plugin jeopardizes website security. Learn to detect and prevent vulnerabilities today.

Fake Patch Phishing Campaign Hits WooCommerce, Injecting Hidden Backdoors
Fake Patch phishing campaign targets WooCommerce sites with fraudulent updates, injecting hidden backdoors to compromise security.

WooCommerce admins targeted by fake security patches that hijack sites
Fake security patches target WooCommerce admins to hijack sites. Discover key steps to safeguard your store and prevent malicious attacks.

WordPress Ad-Fraud Plugins Responsible for 1.4 Billion Daily Ad Requests
Discover how WordPress ad-fraud plugins generate 1.4 billion daily ad requests, impacting digital marketing and ad spend efficiency.