Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data...
WordPress
King Addons flaw lets anyone become WordPress admin
King Addons flaw lets anyone become WordPress admin Pierluigi Paganini December 03, 2025 Hackers are exploiting a King Addons flaw...
Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws
Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws Pierluigi Paganini October 27, 2025 Hackers exploited old RCE...
CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts
CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts Pierluigi Paganini October 09, 2025 Threat actors are exploiting a critical...
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed...
Beware! A threat actor could steal the titles of your private (and draft) WordPress posts!
As of today, almost a billion sites have been built using WordPress, powering businesses and organizations of all sizes. That...
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The...
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin....
A large-scale phishing campaign targets WordPress WooCommerce users
A large-scale phishing campaign targets WordPress WooCommerce users Pierluigi Paganini April 28, 2025 A large-scale phishing campaign targets WordPress WooCommerce...
A large-scale phishing campaign targets WordPress WooCommerce users
A large-scale phishing campaign targets WordPress WooCommerce users Pierluigi Paganini April 28, 2025 A large-scale phishing campaign targets WordPress WooCommerce...
WordPress mu-Plugins Vulnerable to Spam Injections and Site Image Hijacking by Cybercriminals
Malicious actors are leveraging the "mu-plugins" folder within WordPress websites to hide harmful scripts, aiming to sustain continuous unauthorized entry...
More than 1,000 WordPress Websites Contaminated with JavaScript Backdoors Enabling Ongoing Attacker Entry
Above 1,000 sites running on WordPress have been corrupted with an external JavaScript script that inserts four distinct access points....
Gootloader from the Inside Out
The Gootloader malicious software family utilizes an identifiable form of social engineering to contaminate computers: The individuals behind it entice...
An Excess of 390,000 WordPress Logins Taken through Malicious GitHub Repository Hosting Experimental Exploitations
A GitHub repository that has been taken down recently, which promoted a WordPress utility for sharing posts on the internet...
Discovered Flaw in WordPress Pal Companion Extension Utilized to Covertly Deploy Insecure Extensions
Unscrupulous individuals are taking advantage of a crucial weakness in the Pal Companion extension for WordPress to deploy additional insecure...
