WordPress

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

exploited, Vulnerabilities, vulnerability, WordPress /

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data 2026-06-22 at 14:45 By Ionut Arghire Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. The post Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data Read More »

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown 

botnet, law enforcement, Malware & Threats, SocGholish, takedown, Tracking & Law Enforcement, WordPress /

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown  2026-06-19 at 09:46 By Ionut Arghire Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame. The post 15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown  Read More »

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned

Don't miss, Hot stuff, Infoblox, law enforcement, Malware, News, Proofpoint, WordPress /

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned 2026-06-18 at 17:21 By Zeljka Zorz SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned up nearly

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned Read More »

Everest Forms Vulnerability Exploited to Hack WordPress Sites

exploited, Vulnerabilities, vulnerability, WordPress /

Everest Forms Vulnerability Exploited to Hack WordPress Sites 2026-06-08 at 16:16 By Ionut Arghire The flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months. The post Everest Forms Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Everest Forms Vulnerability Exploited to Hack WordPress Sites Read More »

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

exploited, plugin vulnerability, Vulnerabilities, WordPress /

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs 2026-06-03 at 20:19 By Ionut Arghire Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites. The post Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs Read More »

$20 per zero-day is already the WordPress plugin reality

0-day, AI, conferences, cybersecurity, Don't miss, Hot stuff, News, research, Trend Micro, WordPress /

$20 per zero-day is already the WordPress plugin reality 2026-05-22 at 17:05 By Mirko Zorz Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer,

$20 per zero-day is already the WordPress plugin reality Read More »

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

exploited, Ninja Forms, Vulnerabilities, WordPress /

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover 2026-04-08 at 15:06 By Ionut Arghire The vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution. The post Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover appeared first on SecurityWeek. This article is an

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover Read More »

Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks

Ally, plugin, plugin vulnerability, Vulnerabilities, vulnerability, WordPress /

Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks 2026-03-12 at 14:43 By Ionut Arghire The issue allows attackers to inject SQL queries and extract sensitive information from the database. The post Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks Read More »

Critical King Addons Vulnerability Exploited to Hack WordPress Sites

exploited, Vulnerabilities, vulnerability, WordPress /

Critical King Addons Vulnerability Exploited to Hack WordPress Sites 2025-12-03 at 15:39 By Ionut Arghire A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. The post Critical King Addons Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. This article is an excerpt from

Critical King Addons Vulnerability Exploited to Hack WordPress Sites Read More »

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

exploited, Vulnerabilities, vulnerability, WordPress /

Year-Old WordPress Plugin Flaws Exploited to Hack Websites 2025-10-27 at 12:57 By Ionut Arghire Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced. The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Year-Old WordPress Plugin Flaws Exploited to Hack Websites Read More »

Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations

email security, exploited, Post SMTP, Vulnerabilities, WordPress /

Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations 2025-07-28 at 11:33 By Eduard Kovacs The Post SMTP email delivery WordPress plugin is affected by a critical vulnerability and half of websites using it remain unpatched. The post Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations appeared first on SecurityWeek.

Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations Read More »

Hackers Inject Malware Into Gravity Forms WordPress Plugin 

Malware, Vulnerabilities, WordPress, WordPress plugin /

Hackers Inject Malware Into Gravity Forms WordPress Plugin  2025-07-14 at 12:32 By Ionut Arghire Two Gravity Forms WordPress plugin versions available on the official download page were injected with malware in a supply chain attack. The post Hackers Inject Malware Into Gravity Forms WordPress Plugin  appeared first on SecurityWeek. This article is an excerpt from

Hackers Inject Malware Into Gravity Forms WordPress Plugin  Read More »

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover

Vulnerabilities, vulnerability, WordPress, WordPress plugin /

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover 2025-07-02 at 13:18 By Ionut Arghire A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover Read More »

Motors Theme Vulnerability Exploited to Hack WordPress Websites

exploited, Vulnerabilities, vulnerability, WordPress /

Motors Theme Vulnerability Exploited to Hack WordPress Websites 2025-06-20 at 14:22 By Ionut Arghire Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords. The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Motors Theme Vulnerability Exploited to Hack WordPress Websites Read More »

Second OttoKit Vulnerability Exploited to Hack WordPress Sites

exploited, Vulnerabilities, WordPress, WordPress plugin /

Second OttoKit Vulnerability Exploited to Hack WordPress Sites 2025-05-07 at 12:16 By Ionut Arghire Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges. The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Second OttoKit Vulnerability Exploited to Hack WordPress Sites Read More »

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild

exploited, Vulnerabilities, WordPress, WordPress plugin /

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild 2025-04-11 at 15:17 By Ionut Arghire A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild. The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild Read More »

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory

Malware & Threats, mu-plugins, Sucuri, Vulnerabilities, WordPress, WordPress plugin /

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory 2025-03-31 at 18:07 By Ionut Arghire Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory Read More »

8,000 New WordPress Vulnerabilities Reported in 2024

report, Vulnerabilities, vulnerability, WordPress /

8,000 New WordPress Vulnerabilities Reported in 2024 2025-03-17 at 18:14 By Ionut Arghire Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

8,000 New WordPress Vulnerabilities Reported in 2024 Read More »

MUT-1244 targeting security researchers, red teamers, and threat actors

Checkmarx, cryptojacking, data theft, Datadog, Don't miss, GitHub, Hot stuff, News, phishing, WordPress /

MUT-1244 targeting security researchers, red teamers, and threat actors 2024-12-16 at 17:33 By Zeljka Zorz A threat actor tracked as MUT-1244 by DataDog researchers has been targeting academics, pentesters, red teamers, security researchers, as well as other threat actors, in order to steal AWS access keys, WordPress account credentials and other sensitive data. MUT-1244 has

MUT-1244 targeting security researchers, red teamers, and threat actors Read More »

Scroll to Top