Tag: wordpress
-
WordPress Plugin Vulnerability Under Active Attack, Allowing Remote Code Execution
A severe remote code execution vulnerability in the Sneeit Framework WordPress plugin is under active exploitation, with attackers launching thousands of attacks within hours of public disclosure. WordPress site administrators must immediately update to version 8.4 or later to prevent complete site compromise. On June 10th, 2025, a remote code execution vulnerability was discovered in…
-
King Addons flaw lets anyone become WordPress admin
Hackers are exploiting a King Addons flaw (CVE-2025-8489) that lets anyone register and instantly gain admin privileges on WordPress sites. Hackers are exploiting a critical vulnerability, tracked as CVE-2025-8489 (CVSS score of 9.8), in the WordPress plugin King Addons for Elementor that allows unauthenticated users to create admin accounts via a registration privilege bug. King…
-
Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-flaw-in-wordpress-add-on-for-elementor-exploited-in-attacks/
-
PoC Published for W3 Total Cache Flaw Exposing 1M+ Sites to RCE
Security researchers have published a proof-of-concept exploit for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress’s most popular caching plugins with over one million active installations. The flaw, tracked as CVE-2025-9501, allows attackers to execute arbitrary code on vulnerable websites under specific conditions. Field Details CVE ID CVE-2025-9501 Affected Product…
-
W3 Total Cache WordPress plugin vulnerable to PHP command injection
A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/w3-total-cache-wordpress-plugin-vulnerable-to-php-command-injection/
-
NDSS 2025 EvoCrawl: Exploring Web Application Code And State Using Evolutionary Search
SESSION Session 3C: Mobile Security Authors, Creators & Presenters: Xiangyu Guo (University of Toronto), Akshay Kawlay (University of Toronto), Eric Liu (University of Toronto), David Lie (University of Toronto) PAPER EvoCrawl: Exploring Web Application Code and State using Evolutionary Search As more critical services move onto the web, it has become increasingly…
-
W3 Total Cache Vulnerability Puts Over One Million WordPress Sites at Risk
A severe security flaw has been discovered in the popular W3 Total Cache WordPress plugin, potentially exposing more than one million websites to remote code execution (RCE). The vulnerability, of First seen on thecyberexpress.com Jump to article: thecyberexpress.com/w3-total-cache-cve-2025-9501-wordpress-risk/
-
W3 Total Cache Security Vulnerability Exposes One Million WordPress Sites to RCE
A critical security flaw has been discovered in the widely used W3 Total Cache WordPress plugin, putting over 1 million websites at serious risk. The vulnerability allows attackers to take complete control of affected websites without needing any login credentials. Field Value CVE ID CVE-2025-9501 Plugin Name W3 Total Cache Affected Versions Before 2.8.13 Fixed…
-
GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours of…
-
AI Engine Flaw Exposes 100,000 WordPress Sites to Attack
A flaw in the AI Engine plugin exposed 100,000 WordPress sites to takeover attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-wordpress-vulnerability-100k-impact/
-
NDSS 2025 The (Un)usual Suspects Studying Reasons For Lacking Updates In WordPress
SESSION Session 2B: Web Security Authors, Creators & Presenters: Maria Hellenthal (CISPA Helmholtz Center for Information Security), Lena Gotsche (CISPA Helmholtz Center for Information Security), Rafael Mrowczynski (CISPA Helmholtz Center for Information Security), Sarah Kugel (Saarland University), Michael Schilling (CISPA Helmholtz Center for Information Security), Ben Stock (CISPA Helmholtz Center for Information Security) PAPER The…
-
Critical Site Takeover Flaw Affects 400K WordPress Sites
Attackers are already targeting a vulnerability in the Post SMTP plugin that allows them to fully compromise an account and website for nefarious purposes. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-site-takeover-flaw-400k-wordpress-sites
-
AI Engine WordPress Plugin Exposes 100,000 WordPress Sites to Privilege Escalation Attacks
A critical vulnerability discovered in the AI Engine WordPress plugin threatens over 100,000 active installations worldwide. On October 4th, 2025, security researchers identified a Sensitive Information Exposure vulnerability that allows unauthenticated attackers to extract bearer tokens and escalate their privileges to administrator level. The vulnerability, tracked as CVE-2025-11749 with a CVSS rating of 9.8 (Critical),…
-
Hackers exploit WordPress plugin Post SMTP to hijack admin accounts
Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-post-smtp-to-hijack-admin-accounts/
-
Critical WordPress Post SMTP Plugin Vulnerability Puts 400,000 Sites at Risk of Account Takeover
A critical vulnerability has been discovered in the Post SMTP WordPress plugin, affecting over 400,000 active installations across the web. The vulnerability, identified as CVE-2025-11833 with a CVSS score of 9.8, allows unauthenticated attackers to access sensitive email logs and execute account takeover attacks on vulnerable WordPress sites. Researchers have already documented over 4,500 exploitation…
-
Hackers exploit critical auth bypass flaw in JobMonster WordPress theme
Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-critical-auth-bypass-flaw-in-jobmonster-wordpress-theme/
-
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/
-
Mass Attack Targets WordPress via GutenKit and Hunk Companion Plugins
Mass exploitation attacks are once again targeting WordPress websites, this time through serious vulnerabilities in two popular plugins,… First seen on hackread.com Jump to article: hackread.com/wordpress-mass-attack-gutenkit-hunk-companion-plugins/
-
Critical WordPress Plugin Bugs Exploited En Masse
Wordfence says threat actors are trying to exploit three critical vulnerabilities from 2024. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-wordpress-plugin-bugs/

