Wordfence - Security Ticks

Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)

account hijacking, Don't miss, Hot stuff, News, vulnerability, Wordfence, WordPress / SecurityTicks

Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322) 2025-05-21 at 13:32 By Zeljka Zorz A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated attackers to take over admin accounts and gain full control over target WP-based sites. The […]

React to this headline:

Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322) Read More »

Compromised plugins found on WordPress.org

backdoor, Don't miss, Hot stuff, News, plugin, supply chain compromise, Wordfence, WordPress / SecurityTicks

Compromised plugins found on WordPress.org 2024-06-26 at 11:46 By Zeljka Zorz An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it appears the threat actor also injected malicious JavaScript

React to this headline:

Compromised plugins found on WordPress.org Read More »

Security Flaw in WP-Members Plugin Leads to Script Injection

Application Security, CVE-2024-1852, Vulnerabilities, Wordfence, WordPress, WP-Members / SecurityTicks

Security Flaw in WP-Members Plugin Leads to Script Injection 2024-04-02 at 18:46 By Ionut Arghire A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Security Flaw in WP-Members Plugin Leads to Script Injection Read More »