A critical Modular DS WordPress flaw (CVE-2026-23550) is actively exploited, enabling unauthenticated privilege escalation. Threat actors are actively exploiting a…
Hackers exploited old RCE flaws in WordPress GutenKit and Hunk Companion plugins. Wordfence firm blocked 8.7M attacks in two days.…
Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the Alone WordPress theme to hijack sites.…
Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched.…
A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised…
Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned…
Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. Sucuri researchers…
A Really Simple Security plugin flaw affects 4M+ sites, allowing attackers full admin access. It’s one of the most critical…
A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions.…
A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to take control of arbitrary accounts.…
This website uses cookies.