-
Hackers are injecting malicious JavaScript into compromised WordPress sites to deploy ErrTraffic-powered ClickFix lures, a campaign that achieved nearly 60% victim conversion rates an unprecedented figure in malware ecosystems. Threat actors exploit Wo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise. The campaign also affects the TrustPulse and PushEngage plugins, both developed by Awesome Motive, si…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin is exposing sites to account takeover and privilege escalation attacks, with roughly 150,000 estimated to be running vulnerable versions in…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected.
·
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A widely used WordPress plugin powering over one million websites has been found vulnerable to two serious security flaws that could expose sensitive data and server files. Security researchers warn that the issues in the Avada Builder plugin could all…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in a widely used WordPress plugin has exposed more than 200,000 websites to potential takeover, raising urgent concerns across the security community. Security researchers at Wordfence, using their AI-driven PRISM platform, hav…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious feature…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers secretly planted a remote code-execution backdoor in more than 30 popular WordPress plugins, leaving it dormant for about 8 months before activating malware that rewrote wp-config.php and injected cloaked SEO spam at scale. The incident centers…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed vulnerability, tracked as CVE-2026-1492, has been identified in the User Registration & Membership plugin for WordPress, exposing websites to critical authentication bypass and privilege escalation risks. Affecting versions up to …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cloudflare launches EmDash CMS, an AI-powered platform built to fix WordPress security flaws with sandboxed plugins, serverless scaling, and passkey auth.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
