Tag: wordpress
-
Widespread WordPress site compromise likely with WP Ultimate CSV Importer bugs
in SecurityNews
Tags: wordpress
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-wordpress-site-compromise-likely-with-wp-ultimate-csv-importer-bugs
-
20,000 WordPress Sites at Risk of File Upload Deletion Exploits
in SecurityNews
A critical security alert has been issued to WordPress site administrators following the discovery of two high-severity vulnerabilities in the “WP Ultimate CSV Importer
-
WordPress attackers hide malware in overlooked plugins directory
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/wordpress-attackers-hide-malware-in-overlooked-plugins-directory
-
Hackers exploit little-known WordPress MU-plugins feature to hide malware
A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/hackers-exploit-little-known-wordpress-mu-plugins-feature-to-hide-malware
-
Hiding WordPress malware in the mu-plugins directory to avoid detection
Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. “Unlike regular plugins, must-use plugins are automatically loaded on every page load,…
-
Threat Actors Embed Malware in WordPress Sites to Enable Remote Code Execution
in SecurityNews
Security researchers have uncovered a new wave of cyberattacks targeting WordPress websites through the exploitation of the “mu-plugins
-
Hackers abuse WordPress MU-Plugins to hide malicious code
in SecurityNews
Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-wordpress-mu-plugins-to-hide-malicious-code/
-
Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
in SecurityNews
Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/threat-actors-deploy-wordpress-malware-in-mu-plugins-directory/
-
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
Threat actors are using the “mu-plugins” directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory (“wp-content/mu-plugins”) that are automatically executed by WordPress without the need to enable them explicitly via…
-
The 4 WordPress flaws hackers targeted the most in Q1 2025
in SecurityNews
A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-four-wordpress-flaws-hackers-targeted-the-most-in-q1-2025/
-
WordPress Plugin Vulnerability Opens Door to SQL Injection Exploits
in SecurityNews
A critical vulnerability in the popular WordPress plugin GamiPress has been uncovered, leaving users exposed to unauthenticated SQL injection attacks. The issue, assigned the identifier CVE-2024-13496, carries a high CVSS 3.1 score of 7.5, indicating significant potential for exploitation. CVE-2024-13496 was discovered during a security assessment of GamiPress version 7.2.1. The vulnerability affects all versions…
-
WordPress Plugin Flaw Exposes 200,000+ Sites at Risk of Code Execution
in SecurityNews
A critical security vulnerability has been discovered in the popular WordPress plugin, WP Ghost, which boasts over 200,000 active installations. This flaw, tracked as CVE-2025-26909, concerns an unauthenticated Local File Inclusion (LFI) vulnerability that could potentially lead to Remote Code Execution (RCE) attacks on nearly all server environments. The vulnerability has been addressed in the…
-
VexTrio Using 20,000 Hacked WordPress Sites in Traffic Redirect Scheme
in SecurityNews
A massive cybercrime network known as VexTrio is using thousands of compromised WordPress sites to funnel traffic through a complex redirection scheme. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/vextrio-20000-hacked-wordpress-sites-traffic-redirect-scheme
-
Thousands of WordPress sites impacted by multi-year DollyWay campaign
in SecurityNews
Tags: wordpress
First seen on scworld.com Jump to article: www.scworld.com/brief/thousands-of-wordpress-sites-impacted-by-multi-year-dollyway-campaign
-
DollyWay Campaign Compromises Thousands of WordPress Sites
in SecurityNews
Tags: wordpress
First seen on scworld.com Jump to article: www.scworld.com/brief/dollyway-campaign-compromises-thousands-of-wordpress-sites
-
WordPress security plugin WP Ghost vulnerable to remote code execution bug
in SecurityNews
Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-security-plugin-wp-ghost-vulnerable-to-remote-code-execution-bug/
-
Massive “DollyWay” Malware Attack Compromises 20,000+ WordPress Sites Worldwide
A significant malware operation, dubbed “DollyWay,
-
Malware campaign ‘DollyWay’ breached 20,000 WordPress sites
in SecurityNews
A malware operation dubbed ‘DollyWay’ has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-campaign-dollyway-breached-20-000-wordpress-sites/
-
8,000 New WordPress Vulnerabilities Reported in 2024
in SecurityNews
Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/8000-new-wordpress-vulnerabilities-reported-in-2024/
-
Best WordPress Plugins for Cybersecurity 2025
in SecurityNews
WordPress is a great platform for building websites, but it is also a common target for hackers. Keeping your website safe is important to protect your data, visitors, and business. Cybercrime is a growing problem, with 39% of UK businesses experiencing cyber attacks in 2023. Using security plugins can help reduce risks and keep your…
-
Malicious backdoor-deploying JavaScript facilitates widespread WordPress site compromise
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-backdoor-deploying-javascript-facilitates-widespread-wordpress-site-compromise
-
WordPress Sites Compromised by JavaScript Backdoors
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/wordpress-sites-compromised-by-javascript-backdoors
-
Vulnerability in Chaty Pro Plugin Exposes 18,000 WordPress Sites
in SecurityNews
An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/flaw-chaty-pro-plugin-18k/
-
Over 10,000 WordPress Sites Exposed by Donation Plugin Code Execution Vulnerability
in SecurityNews
A critical security flaw in the widely used GiveWP Donation Plugin and Fundraising Platform has left over 10,000 WordPress websites vulnerable to remote code execution attacks since March 3, 2025. Tracked as CVE-2025-0912, the vulnerability allows unauthenticated attackers to hijack sites by exploiting a deserialization flaw in versions 3.19.4 and earlier. Vulnerability Overview The vulnerability stems from […]…
-
Millions of WordPress Websites Vulnerable to Script Injection Due to Plugin Flaw
in SecurityNews
A critical security vulnerability in the Essential Addons for Elementor plugin, installed on over 2 million WordPress websites, has exposed sites to script injection attacks via malicious URL parameters. The flaw, tracked as CVE-2025-24752 and scoring 7.1 (High) on the CVSS scale, allowed attackers to execute reflected cross-site scripting (XSS) attacks by exploiting insufficient input sanitization in the plugin’s password reset…
-
Essential Addons for Elementor XSS Vulnerability Discovered
in SecurityNews
Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/elementor-plugin-vulnerability-2m/
-
WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack
in SecurityNews
A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wordpress-plugin-flaw-exposes/
-
90,000 WordPress Sites Exposed to Local File Inclusion Attacks
in SecurityNews
A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw enables authenticated attackers with contributor-level privileges to execute remote code via chained Local File Inclusion (LFI) and malicious SVG uploads. Discovered by researcher stealthcopter through the Wordfence Bug Bounty Program, the vulnerability…