WordPress

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover

Vulnerabilities, vulnerability, WordPress, WordPress plugin /

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover 2025-07-02 at 13:18 By Ionut Arghire A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

React to this headline:

Loading spinner

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover Read More »

Motors Theme Vulnerability Exploited to Hack WordPress Websites

exploited, Vulnerabilities, vulnerability, WordPress /

Motors Theme Vulnerability Exploited to Hack WordPress Websites 2025-06-20 at 14:22 By Ionut Arghire Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords. The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Motors Theme Vulnerability Exploited to Hack WordPress Websites Read More »

Second OttoKit Vulnerability Exploited to Hack WordPress Sites

exploited, Vulnerabilities, WordPress, WordPress plugin /

Second OttoKit Vulnerability Exploited to Hack WordPress Sites 2025-05-07 at 12:16 By Ionut Arghire Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges. The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

Second OttoKit Vulnerability Exploited to Hack WordPress Sites Read More »

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild

exploited, Vulnerabilities, WordPress, WordPress plugin /

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild 2025-04-11 at 15:17 By Ionut Arghire A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild. The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild Read More »

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory

Malware & Threats, mu-plugins, Sucuri, Vulnerabilities, WordPress, WordPress plugin /

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory 2025-03-31 at 18:07 By Ionut Arghire Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory Read More »

8,000 New WordPress Vulnerabilities Reported in 2024

report, Vulnerabilities, vulnerability, WordPress /

8,000 New WordPress Vulnerabilities Reported in 2024 2025-03-17 at 18:14 By Ionut Arghire Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

8,000 New WordPress Vulnerabilities Reported in 2024 Read More »

MUT-1244 targeting security researchers, red teamers, and threat actors

Checkmarx, cryptojacking, data theft, Datadog, Don't miss, GitHub, Hot stuff, News, phishing, WordPress /

MUT-1244 targeting security researchers, red teamers, and threat actors 2024-12-16 at 17:33 By Zeljka Zorz A threat actor tracked as MUT-1244 by DataDog researchers has been targeting academics, pentesters, red teamers, security researchers, as well as other threat actors, in order to steal AWS access keys, WordPress account credentials and other sensitive data. MUT-1244 has

React to this headline:

Loading spinner

MUT-1244 targeting security researchers, red teamers, and threat actors Read More »

Cyble Sensors Detect Attacks on SAML, D-Link, Python Framework

cyberattack, D-Link, phishing, SAML, Threat Actors, WordPress /

Cyble Sensors Detect Attacks on SAML, D-Link, Python Framework 2024-10-14 at 09:52 By dakshsharma16 Key Takeaways Overview The Cyble Vulnerability Intelligence unit identified several new cyberattacks during the week of Oct. 2-8. Among the targets are the Ruby SAML library, several D-Link NAS devices, the aiohttp client-server framework used for asyncio and Python, and a

React to this headline:

Loading spinner

Cyble Sensors Detect Attacks on SAML, D-Link, Python Framework Read More »

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan

Banking Trojan, Honeypot, vulnerability, WordPress /

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan 2024-10-01 at 08:46 By dakshsharma16 Key Takeaways Overview Cyble’s Threat Hunting service this week discovered multiple instances of exploit attempts, malware intrusions, financial fraud, and brute-force attacks via its network of Honeypot sensors. In the week of Sept. 18-24, Cyble researchers identified five recent active exploits, including new

React to this headline:

Loading spinner

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan Read More »

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks

Vulnerabilities, vulnerability, WordPress /

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks 2024-09-06 at 13:31 By Ionut Arghire A vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies. The post LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks Read More »

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites

Vulnerabilities, WordPress /

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites 2024-08-27 at 18:16 By Ionut Arghire A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server. The post Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites appeared first on

React to this headline:

Loading spinner

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites Read More »

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites

plugin vulnerability, Vulnerabilities, WordPress /

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites 2024-08-22 at 13:31 By Eduard Kovacs A critical vulnerability in the Litespeed Cache WordPress plugin can allow attackers to hack websites by creating an admin user. The post Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites appeared first on

React to this headline:

Loading spinner

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites Read More »

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

plugin, Vulnerabilities, vulnerability, WordPress /

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover 2024-08-20 at 18:16 By Ionut Arghire A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion. The post Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover Read More »

Compromised plugins found on WordPress.org

backdoor, Don't miss, Hot stuff, News, plugin, supply chain compromise, Wordfence, WordPress /

Compromised plugins found on WordPress.org 2024-06-26 at 11:46 By Zeljka Zorz An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it appears the threat actor also injected malicious JavaScript

React to this headline:

Loading spinner

Compromised plugins found on WordPress.org Read More »

Several Plugins Compromised in WordPress Supply Chain Attack 

supply chain, Supply Chain Security, WordPress /

Several Plugins Compromised in WordPress Supply Chain Attack  2024-06-25 at 16:01 By Ionut Arghire Five WordPress plugins were injected with malicious code that creates a new administrative account. The post Several Plugins Compromised in WordPress Supply Chain Attack  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Several Plugins Compromised in WordPress Supply Chain Attack  Read More »

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors

CVE-2023-40000, CVE-2023-6961, CVE-2024-2194, Fastly, Malware & Threats, Vulnerabilities, WordPress /

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors 2024-05-30 at 18:17 By Ionut Arghire Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites. The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors Read More »

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

cybercrime, WordPress /

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors 2024-04-26 at 13:16 By Ionut Arghire A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites. The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors Read More »

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

Vulnerabilities, vulnerability, WordPress /

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites 2024-04-03 at 16:16 By Ionut Arghire A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites Read More »

Security Flaw in WP-Members Plugin Leads to Script Injection

Application Security, CVE-2024-1852, Vulnerabilities, Wordfence, WordPress, WP-Members /

Security Flaw in WP-Members Plugin Leads to Script Injection 2024-04-02 at 18:46 By Ionut Arghire A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Security Flaw in WP-Members Plugin Leads to Script Injection Read More »

Scroll to Top