-
A critical security flaw in the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin is exposing sites to account takeover and privilege escalation attacks, with roughly 150,000 estimated to be running vulnerable versions in…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A widely used WordPress plugin powering over one million websites has been found vulnerable to two serious security flaws that could expose sensitive data and server files. Security researchers warn that the issues in the Avada Builder plugin could all…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious feature…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially m…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the popular CleanTalk Spam Protection plugin for WordPress exposes websites to complete takeover. Tracked as CVE-2026-1490, this high-severity flaw allows unauthenticated attackers to bypass authorization mechanisms and inst…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw has been discovered in the Anti-Malware Security and Brute-Force Firewall WordPress plugin, putting more than 100,000 websites at risk. The vulnerability, identified as CVE-2025-11705, allows authenticated attackers with basic …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
