Skip to main content

Tag: wordpress

46 articles

Broken crown lies on cracked asphalt with shattered glass and debris, laptop and smartphone nearby.

Elementor King Addons Exclusive Flaw Hits 10k Sites

A widespread flaw in Elementor King Addons has now affected over 10,000 sites. Find out what went wrong and the quick steps you can take right now to protect your site.

Analyst 207
smart contracts Risky: Stunning Malware Supply-Chain Threat

smart contracts Risky: Stunning Malware Supply-Chain Threat

Cybercriminals are hijacking compromised WordPress sites and hiding malware distribution inside blockchain smart contracts — a tactic called EtherHiding that makes takedowns harder and spreads info-stealers like AMOS, Lumma, RADTHIEF and Vidar to Windows and macOS. Protect your site and devices now: patch WordPress, lock down plugins and admin access, and keep endpoints and authentication strong.

Analyst 207
Slider Revolution Risky Flaw: Must-Have Patch Guide

Slider Revolution Risky Flaw: Must-Have Patch Guide

A newly disclosed vulnerability in Slider Revolution — found on roughly four million WordPress sites — can expose private files and credentials, so site owners should urgently update or remove bundled copies and scan for signs of unauthorized access. Take immediate steps: apply patches, rotate exposed keys, and use WAF/server rules to block risky endpoints while you audit your sites.

Analyst 207
authentication bypass: Critical, Dangerous Exploit

authentication bypass: Critical, Dangerous Exploit

Thousands of WordPress sites are at risk after a critical authentication bypass (CVE-2025-5947, CVSS 9.8) in the Service Finder theme and bundled Bookings plugin is being actively exploited — attackers can log in as any user, including admins. If you run that theme, update or disable it now, audit for signs of compromise, and restore from clean backups if needed.

Analyst 207
WordPress themes and plugins: Risky Must-Have Fix

WordPress themes and plugins: Risky Must-Have Fix

A routine verification prompt can hide a dangerous trap: attackers are hijacking WordPress themes and plugins to inject stealthy JavaScript that redirects visitors to convincing phishing pages. Keep themes and plugins updated, use strong admin controls and a WAF, and vet all extensions to stop these silent, high-impact compromises before they spread.

Analyst 207
Paid Memberships Subscription plugin Urgent Exclusive Risk

Paid Memberships Subscription plugin Urgent Exclusive Risk

A critical unauthenticated SQL injection was found in the Paid Memberships Subscription plugin, putting thousands of WordPress membership sites at risk. If you use the plugin, check your version and apply the patch or disable it now to protect user data and memberships.

Analyst 207
Security Vulnerability in WordPress Plugin Threatens 600,000 Websites with File Deletion

Security Vulnerability in WordPress Plugin Threatens 600,000 Websites with File Deletion

Security vulnerability in a WordPress plugin exposes 600,000 websites to potential file deletion risks. Update your plugins to safeguard your site.

Analyst 207
Vulnerability in Forminator Plugin Poses Takeover Risk for WordPress Sites

Vulnerability in Forminator Plugin Poses Takeover Risk for WordPress Sites

Vulnerability in Forminator Plugin exposes WordPress sites to takeover risks. Update now to secure your site against potential threats.

Analyst 207
Rogue WordPress Plugin Exploits Malware Campaign to Steal Credit Card Information

Rogue WordPress Plugin Exploits Malware Campaign to Steal Credit Card Information

Rogue WordPress plugin exploits vulnerabilities to launch a malware campaign, targeting sites to steal credit card information from unsuspecting users.

Analyst 207
Exploit of WordPress Motors Theme Leads to Widespread Admin Account Hijacking

Exploit of WordPress Motors Theme Leads to Widespread Admin Account Hijacking

Critical vulnerability in WordPress Motors Theme exposes admin accounts to hijacking, prompting urgent security measures for affected sites.

Analyst 207
Linux Foundation Launches Distributed Plugin Manager for WordPress

Linux Foundation Launches Distributed Plugin Manager for WordPress

Linux Foundation launches a distributed plugin manager for WordPress, delivering streamlined updates, enhanced security, and improved scalability for modern websites.

Analyst 207
PayU Plugin Vulnerability Exposes 5000 WordPress Sites to Account Hijacking

PayU Plugin Vulnerability Exposes 5000 WordPress Sites to Account Hijacking

PayU plugin flaw endangers 5000 WordPress sites with account hijacking risks. Secure your site now to prevent unauthorized access.

Analyst 207
Critical CVSS 10.0 Vulnerability in Wishlist Plugin Puts Over 100K WordPress Sites at Risk

Critical CVSS 10.0 Vulnerability in Wishlist Plugin Puts Over 100K WordPress Sites at Risk

Critical CVSS 10.0 flaw in the Wishlist Plugin endangers 100K+ WordPress sites—immediate updates required to mitigate potential cyber threats.

Analyst 207
Critical Vulnerability in Premium WordPress Motors Theme Enables Admin Takeover Exploits

Critical Vulnerability in Premium WordPress Motors Theme Enables Admin Takeover Exploits

Critical vulnerability in Premium WordPress Motors theme allows admin takeover exploits. Patch immediately to secure your website.

Analyst 207
Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers exploit OttoKit WordPress plugin flaw to create admin accounts and compromise site security. Patch now to protect your website.

Analyst 207
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

OttoKit WordPress Plugin with 100K+ installs hit by exploits targeting multiple flaws. Update now to secure your site.

Analyst 207
Malicious WordPress Plugin Grants Remote Administrative Access to Cyber Attackers

Malicious WordPress Plugin Grants Remote Administrative Access to Cyber Attackers

Malicious WordPress plugin lets attackers gain remote admin control, exposing sites to unauthorized access, data breaches, and exploitation.

Analyst 207
Deceptive WordPress Plugin Poses as a Security Tool While Deploying a Backdoor

Deceptive WordPress Plugin Poses as a Security Tool While Deploying a Backdoor

Deceptive WordPress plugin masquerades as a security tool, secretly installing a backdoor that compromises vulnerable sites.

Analyst 207
Emerging WordPress Threat: Malware Disguising Itself as a Plugin

Emerging WordPress Threat: Malware Disguising Itself as a Plugin

Emerging WordPress threat: malware disguised as a plugin jeopardizes website security. Learn to detect and prevent vulnerabilities today.

Analyst 207
Fake Patch Phishing Campaign Hits WooCommerce, Injecting Hidden Backdoors

Fake Patch Phishing Campaign Hits WooCommerce, Injecting Hidden Backdoors

Fake Patch phishing campaign targets WooCommerce sites with fraudulent updates, injecting hidden backdoors to compromise security.

Analyst 207
WooCommerce admins targeted by fake security patches that hijack sites

WooCommerce admins targeted by fake security patches that hijack sites

Fake security patches target WooCommerce admins to hijack sites. Discover key steps to safeguard your store and prevent malicious attacks.

Analyst 207
WordPress Ad-Fraud Plugins Responsible for 1.4 Billion Daily Ad Requests

WordPress Ad-Fraud Plugins Responsible for 1.4 Billion Daily Ad Requests

Discover how WordPress ad-fraud plugins generate 1.4 billion daily ad requests, impacting digital marketing and ad spend efficiency.

Analyst 207