Home/Tag/Wordpress

Wordpress

16 articles tagged with "Wordpress"

Malware4 min read

WordPress Malware Hides C2 Payloads in Steam Profile Comments

GoDaddy researchers uncover campaign infecting 2,000 WordPress sites with malware that extracts commands from invisible Unicode characters in Steam Community comments.

Malware DeskJun 8, 2026

Vulnerabilities4 min read

WordPress Plugin RCE Under Mass Exploitation — 29K Attacks

CVE-2026-3300 in Everest Forms Pro allows unauthenticated attackers to execute PHP code via eval() injection. Over 29,300 exploit attempts blocked since April despite patch availability.

Vulnerability DeskJun 6, 2026

Vulnerabilities4 min read

WordPress Kirki Flaw Lets Attackers Hijack Admin Accounts

CVE-2026-8206 (CVSS 9.8) in the Kirki WordPress plugin enables unauthenticated account takeover via password reset manipulation. Over 500,000 sites at risk.

Vulnerability DeskJun 5, 2026

Vulnerabilities4 min read

WP Maps Pro Flaw Creates Admin Accounts — 15K Sites at Risk

CVE-2026-8732 in WP Maps Pro allows unauthenticated attackers to create administrator accounts. Over 3,600 attacks blocked in 24 hours. Patch to 6.1.1 now.

Vulnerability DeskMay 31, 2026

Malware3 min read

WooCommerce Stores Under Attack via Funnel Builder Flaw

Attackers exploit unauthenticated vulnerability in Funnel Builder plugin to inject payment skimmers on 40,000+ WordPress stores. Patch to 3.15.0.3 immediately.

Malware DeskMay 17, 2026

Malware4 min read

Smart Slider Hijacked: 900K WordPress Sites Get Backdoored

Attackers compromised Nextend's update infrastructure to push a malicious Smart Slider 3 Pro version with four layers of backdoors. Here's who's affected and how to recover.

Malware DeskApr 9, 2026

Vulnerabilities4 min read

ImageMagick Zero-Days Enable RCE on Linux, WordPress via Image Upload

AI-discovered vulnerabilities bypass all security policies including 'secure' mode. Most servers won't receive fixes until 2027 without manual intervention.

Vulnerability DeskApr 6, 2026

Vulnerabilities4 min read

800K Sites at Risk from Smart Slider 3 File Read Flaw

CVE-2026-3098 lets subscribers read wp-config.php and any server file. Amelia Booking Pro also patched for admin password reset bug. Update these WordPress plugins now.

Vulnerability DeskMar 29, 2026

Malware4 min read

Vidar Infostealer Spreads via Hacked WordPress Sites

Malwarebytes researchers detected a Vidar infostealer campaign using fake CAPTCHA pages on compromised WordPress sites. ClickFix technique tricks users into running malicious PowerShell.

Malware DeskMar 28, 2026

Malware4 min read

250+ WordPress Sites Compromised to Deliver Infostealers via ClickFix

Global campaign hijacks WordPress sites in 12 countries to serve fake Cloudflare CAPTCHAs that deploy Vidar, VodkaStealer, and other credential theft malware.

Malware DeskMar 16, 2026

Vulnerabilities4 min read

WordPress Membership Plugin Flaw Lets Anyone Become Admin

CVE-2026-1492 in User Registration & Membership plugin enables unauthenticated admin account creation. CVSS 9.8—over 100,000 sites at risk.

Vulnerability DeskMar 13, 2026

Vulnerabilities3 min read

wpForo Forum Plugin Hit by Six Critical Vulnerabilities

WordPress plugin wpForo 2.4.14 contains unauthenticated SQL injection, PHP object injection, and multiple authorization bypass flaws. Over 80,000 sites at risk.

Vulnerability DeskMar 1, 2026

Vulnerabilities4 min read

CleanTalk WordPress Plugin Flaw Exposes 200K Sites to Takeover

Critical CVE-2026-1490 (CVSS 9.8) in CleanTalk anti-spam plugin allows unauthenticated attackers to install malicious plugins via DNS spoofing. Update to 6.72 now.

Vulnerability DeskFeb 19, 2026

Vulnerabilities3 min read

WordPress Service Finder Plugin Exploit Hits 13,800 Sites

Attackers exploiting CVE-2025-5947 in Service Finder Bookings plugin to hijack admin accounts through cookie manipulation. Over 6,000 sites potentially exposed.

Vulnerability DeskFeb 4, 2026

Vulnerabilities4 min read

WordPress Plugin Flaw Gives Attackers Admin Access Without Login

CVE-2026-23550 in Modular DS plugin scores CVSS 10.0. Active exploitation began January 13, with 40,000+ sites at risk.

Vulnerability DeskJan 28, 2026

Vulnerabilities4 min read

WordPress ACF Extended Bug Lets Anyone Become Admin

CVE-2025-14533 in the ACF Extended plugin allows unauthenticated attackers to register as administrators on 100,000 WordPress sites.

Vulnerability DeskJan 21, 2026