Tag: wordpress
-
Beliebtes WordPress-Plugin versteckte jahrelang eine Hintertür
Das WordPress-Plugin Quick Page/Post Redirect mit 70.000 Installationen enthielt über fünf Jahre eine geheime Backdoor für SEO-Spam. Experten warnen vor unkontrollierten Code-Injektionen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/wordpress-plugin-hintertuer
-
Beliebtes WordPress-Plugin versteckte jahrelang eine Hintertür
Das WordPress-Plugin Quick Page/Post Redirect mit 70.000 Installationen enthielt über fünf Jahre eine geheime Backdoor für SEO-Spam. Experten warnen vor unkontrollierten Code-Injektionen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/wordpress-plugin-hintertuer
-
Beliebtes WordPress-Plugin versteckte jahrelang eine Hintertür
Das WordPress-Plugin Quick Page/Post Redirect mit 70.000 Installationen enthielt über fünf Jahre eine geheime Backdoor für SEO-Spam. Experten warnen vor unkontrollierten Code-Injektionen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/wordpress-plugin-hintertuer
-
Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery
A long-dormant backdoor has been uncovered in the >>Quick Page/Post Redirect Plugin,<< a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious features. First, it featured a passive content injection mechanism. On every page viewed by a logged-out user, the plugin connected to a third-party server…
-
Popular WordPress redirect plugin hid dormant backdoor for years
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users’ sites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/popular-wordpress-redirect-plugin-hid-dormant-backdoor-for-years/
-
Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)
Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of 9.8), in the Breeze Cache WordPress plugin, allowing them to upload files to a server without authentication. The vulnerability has already been used in…
-
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-file-upload-bug-in-breeze-cache-wordpress-plugin/
-
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-file-upload-bug-in-breeze-cache-wordpress-plugin/
-
WordPress-Plugins deaktiviert: Backdoor-Angriff trifft über 400.000 Installationen
First seen on t3n.de Jump to article: t3n.de/news/wordpress-plugins-deaktiviert-1738354/
-
Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites
More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. The post Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-malicious-wordpress-plugins-backdoor-april-2026/
-
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/
-
Someone planted backdoors in dozens of WordPress plugins used in thousands of websites
Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/
-
Hackers Exploit Kali Forms Vulnerability to Take Over WordPress Sites
A recently disclosed Kali Forms vulnerability affecting a widely used WordPress plugin has escalated into an active security threat, enabling unauthenticated attackers to achieve Remote Code Execution on affected websites. The flaw impacts Kali Forms, a drag-and-drop form builder with more than 10,000 active installations, and has already been exploited in the wild shortly after…
-
WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass
A newly disclosed vulnerability, tracked as CVE-2026-1492, has been identified in the User Registration & Membership plugin for WordPress, exposing websites to critical authentication bypass and privilege escalation risks. Affecting versions up to 5.1.2, the vulnerability allows remote attackers to gain full administrative access without valid credentials. The affected plugin, widely used to manage user registration and membership…
-
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor.The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its…
-
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/smart-slider-updates-hijacked-to-push-malicious-wordpress-joomla-versions/
-
Emdash: Cloudflares WordPress-Alternative mit Kostenfallen-Potenzial
Tags: wordpressEchte WordPress-Alternative oder Lockangebot für Cloudflares Ökosystem? Nur dort funktioniert das zentrale Feature des CMS Emdash. First seen on golem.de Jump to article: www.golem.de/news/emdash-cloudflares-wordpress-alternative-mit-kostenfallen-potenzial-2604-207393.html
-
Critical Vulnerability in Ninja Forms Exposes WordPress Sites
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/flaw-ninja-forms-wordpress/
-
Hackers exploit critical flaw in Ninja Forms WordPress plugin
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-critical-flaw-in-ninja-forms-wordpress-plugin/
-
50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE
A severe security flaw has been discovered in the Ninja Forms File Upload plugin, a widely utilized WordPress add-on that allows website administrators to accept documents, images, and other media from their visitors. Tracked officially as CVE-2026-0740, this unauthenticated arbitrary file upload vulnerability carries a maximum critical CVSS score of 9.8. With an estimated 50,000…
-
Cloudflare Targets WordPress With New AI-Powered EmDash CMS
Cloudflare launches EmDash CMS, an AI-powered platform built to fix WordPress security flaws with sandboxed plugins, serverless scaling, and passkey auth. First seen on hackread.com Jump to article: hackread.com/cloudflare-wordpress-ai-powered-emdash-cms/
-
Hackers Breach ILSpy WordPress Domain to Deliver Malware
The official WordPress website for ILSpy, a highly popular open-source tool used by software developers to examine .NET code, has been compromised. Hackers successfully breached the site to redirect visitors and deliver malware, turning a trusted developer resource into a dangerous trap. The Redirection Attack Cybersecurity research group vx-underground confirmed the breach after receiving video…
-
Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative
The next wave of web development: In an interview with Computerworld, Cloudflare senior product manager Matt Taylor said his team sees the project as the next wave of web development platforms.”There is a whole new generation of developers, and WordPress is old news to them. If you are starting today, there is no way you…
-
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress. This magic byte shift bypasses even the most secure policies. First seen on hackread.com Jump to article: hackread.com/imagemagick-zero-day-rce-linux-wordpress-servers/
-
File read flaw in Smart Slider plugin impacts 500K WordPress sites
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/file-read-flaw-in-smart-slider-plugin-impacts-500k-wordpress-sites/
-
File read flaw in Smart Slider plugin impacts 500K WordPress sites
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/file-read-flaw-in-smart-slider-plugin-impacts-500k-wordpress-sites/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware malware analysis DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]…
-
Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg – involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to you, can you be sure you’re immune? First…