New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
Swati KhandelwalJul 17, 2026Vulnerability / Web Security An anonymous HTTP request can run code on a WordPress site. The bug...
Swati KhandelwalJul 17, 2026Vulnerability / Web Security An anonymous HTTP request can run code on a WordPress site. The bug...
Ravie LakshmananJun 22, 2026Supply Chain Attack / Malware Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack...
Everest Forms Pro WordPress Flaw is Handing Attackers Admin Access Pierluigi Paganini June 08, 2026 Hackers exploit CVE-2026-3300 in Everest...
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active...
GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure Pierluigi Paganini June 02, 2026 Malware on approximately...
CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password Pierluigi Paganini June 01,...
Image: Justin Morgan/Unsplash A web developer discovered dozens of malicious WordPress plugins with buried backdoors that had compromised thousands of...
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg...
Image: Adobe A vulnerability in a widely used WordPress accessibility plugin could allow attackers to steal sensitive data from affected...
Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites Pierluigi Paganini March 12, 2026 An unauthenticated SQL injection...
Modern WordPress portals in enterprise environments serve employees, partners, vendors, and customers across multiple systems. These portals often connect...