Wordpress Archives - Security Affairs

Pierluigi Paganini July 31, 2025

Attackers actively exploit critical zero-day in Alone WordPress Theme

Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the Alone WordPress theme to hijack sites. Threat actors are actively exploiting a critical flaw, tracked as CVE-2025-5394 (CVSS score of 9.8), in the “Alone – Charity Multipurpose Non-profit WordPress Theme” to compromise websites. On May 30th, 2025, security researcher Thái An […]

Pierluigi Paganini July 28, 2025

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email delivery plugin that allows site owners […]

Pierluigi Paganini July 24, 2025

Stealth backdoor found in WordPress mu-Plugins folder

A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor hidden in WordPress’s “mu-plugins” folder. These plugins auto-run and allow attackers to stay hidden in admin, and maintain persistence. “must-use plugins” are special WordPress plugins that cannot be […]

Pierluigi Paganini April 01, 2025

Hiding WordPress malware in the mu-plugins directory to avoid detection

Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. “Unlike regular plugins, must-use plugins are automatically loaded on every page load, […]

Pierluigi Paganini January 13, 2025

Credit Card Skimmer campaign targets WordPress via database injection

Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. Sucuri researchers warn of a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into CMS database tables. The attackers hide the malicious code in the WordPress wp_options table, injecting obfuscated JavaScript into […]

Pierluigi Paganini November 18, 2024

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

A Really Simple Security plugin flaw affects 4M+ sites, allowing attackers full admin access. It’s one of the most critical WordPress vulnerabilities ever. Wordfence researchers warn of a vulnerability, tracked as CVE-2024-10924 (CVSS Score of 9.8), in the Really Simple Security plugin that affects 4M+ sites. The Really Simple Security plugin, formerly Really Simple SSL, is […]

Pierluigi Paganini October 05, 2024

WordPress LiteSpeed Cache plugin flaw could allow site takeover

A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions. A high-severity security flaw, tracked as CVE-2024-47374 (CVSS score 7.2), in the LiteSpeed Cache plugin for WordPress could allow attackers to execute arbitrary JavaScript. The vulnerability is a stored cross-site scripting (XSS) issue impacting versions […]

Pierluigi Paganini September 07, 2024

A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache plugin is a popular caching plugin for WordPress that accounts for over 5 million active installations. The plugin offers site acceleration through server-level caching and various optimization features. The LiteSpeed Cache plugin […]

Pierluigi Paganini August 27, 2024

Critical flaw in WPML WordPress plugin impacts 1M websites

A critical flaw in the WPML WordPress plugin, which is installed on 1 million websites, could allow potential compromise of affected sites. The WPML Multilingual CMS Plugin for WordPress is installed on over 1 million sites. An authenticated (Contributor+) Remote Code Execution (RCE) vulnerability, tracked CVE-2024-6386 (CVSS score of 9.9), in WPML Plugin potentially allows […]

Pierluigi Paganini May 08, 2024

LiteSpeed Cache WordPress plugin actively exploited in the wild

Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites. WPScan researchers reported that threat actors are exploiting a high-severity vulnerability in LiteSpeed Cache plugin for WordPress. LiteSpeed Cache for WordPress (LSCWP) is an all-in-one site acceleration plugin, featuring an exclusive server-level cache and a collection […]

Wordpress

Attackers actively exploit critical zero-day in Alone WordPress Theme

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

Stealth backdoor found in WordPress mu-Plugins folder

Hiding WordPress malware in the mu-plugins directory to avoid detection

Credit Card Skimmer campaign targets WordPress via database injection

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

WordPress LiteSpeed Cache plugin flaw could allow site takeover

A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

Critical flaw in WPML WordPress plugin impacts 1M websites

LiteSpeed Cache WordPress plugin actively exploited in the wild

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

DOJ takes action against 22-year-old running RapperBot Botnet

Google fixed Chrome flaw found by Big Sleep AI

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

A hacker tied to Yemen Cyber Army gets 20 months in prison

Exploit weaponizes SAP NetWeaver bugs for full system compromise

QUICK LINKS

Wordpress

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!