Tag: wordpress
-
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites.The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens First seen…
-
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin/
-
14,971 WordPress Sites Cleaned in Global SocGholish Takedown
Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherlands, Canada, the United States, and Germany, coordinated through Europol, executed a joint action week against SocGholish, one of the most persistent and widely deployed malware distribution networks…
-
Cybercrime Initial Access Service SocGholish Disrupted
Police Seize Evil Corp-Tied Group’s Servers, Clean Subverted WordPress Sites. Long-running initial access service provider SocGholish, tied to Russian cybercrime stalwart Evil Corp, has been disrupted by law enforcement, which seized 106 botnet servers and cleaned 15,000 legitimate WordPress sites subverted by the group to launch ClickFix attacks pushing malware downloaders. First seen on govinfosecurity.com…
-
Critical WordPress Plugin Bug Could Allow File Deletion Attacks on 1 Million Sites
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attackers to delete arbitrary files and potentially compromise entire websites across more than one million installations. Identified as CVE-2026-8713 and assigned a CVSS score of 9.1, the vulnerability affects all plugin versions up to…
-
Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites.”With these actions we deprive cybercriminals of access to infected computer systems,” Maikel Rollman of the Netherlands National High Tech Crime Unit said.”This prevents First seen on…
-
Polizei greift durch: Malware über 15.000 gehackte Webseiten verbreitet
Eine russische Hackergruppe hat massenhaft WordPress-Webseiten gekapert, um Besuchern Malware unterzuschieben. Doch damit ist jetzt Schluss. First seen on golem.de Jump to article: www.golem.de/news/polizei-greift-durch-malware-ueber-15-000-gehackte-webseiten-verbreitet-2606-209944.html
-
Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp
International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/law-enforcement-nukes-socgholish-malware-from-nearly-15-000-sites/
-
ShapedPlugin update flow hacked to infect WordPress sites
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor’s official update system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shapedplugin-update-flow-hacked-to-infect-wordpress-sites/
-
Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data
Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, including API keys and authentication tokens. The vulnerability, tracked as CVE-2026-4020 with a CVSS score of 5.3, affects all versions up to and including 2.1.4 and exposes more than 100,000 websites to potential…
-
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research.The threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hub, alongside GitHub and SourceForge projects promoted…
-
Hackers Inject Malicious JavaScript Into WordPress Sites to Deploy ErrTraffic ClickFix Lures
Hackers are injecting malicious JavaScript into compromised WordPress sites to deploy ErrTraffic-powered ClickFix lures, a campaign that achieved nearly 60% victim conversion rates an unprecedented figure in malware ecosystems. Threat actors exploit WordPress vulnerabilities to inject a single line of JavaScript that visually glitches websites, then trick users into executing malicious PowerShell commands under the…
-
Hackers Inject Malicious JavaScript Into WordPress Sites to Deploy ErrTraffic ClickFix Lures
Hackers are injecting malicious JavaScript into compromised WordPress sites to deploy ErrTraffic-powered ClickFix lures, a campaign that achieved nearly 60% victim conversion rates an unprecedented figure in malware ecosystems. Threat actors exploit WordPress vulnerabilities to inject a single line of JavaScript that visually glitches websites, then trick users into executing malicious PowerShell commands under the…
-
‘Lorem Ipsum’ Malware Pivots to ClickFix Delivery
New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lorem-ipsum-malware-clickfix-delivery
-
Hackers Abuse Compromised WordPress Sites to Deliver GULoader Through EtherHiding Chain
In April 2026, incident responders traced a sophisticated intrusion that abused compromised WordPress sites to deliver GULoader via an EtherHiding → ClickFix → UNC-chain. The real-world ClickFix incident produced convergent evidence from an ANY.RUN sandbox detonation and live EDR telemetry, revealing a complete, user-initiated attack path from a WordPress mu-plugin backdoor to a blocked rundll32.exe…
-
OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks
A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise. The campaign also affects the TrustPulse and PushEngage plugins, both developed by Awesome Motive, significantly amplifying the attack surface across millions of WordPress deployments. The attackers tampered with legitimate JavaScript files delivered via Awesome…
-
OptinMonster WordPress plugin hacked in CDN supply-chain attack
WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive-s content distribution network (CDN). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack/
-
Attackers Hijack Popular WordPress Plugins to Deploy Backdoors
Tampered OptinMonster and sister plugins plant hidden backdoors on 1.2 million WordPress sites First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wordpress-plugin-supply-chain/
-
Hacker manipulieren populäre WordPress-Plugins
Ein Angreifer hat JavaScript-Dateien von drei WordPress-Plugins manipuliert, um unbemerkt administrative Hintertüren auf Webseiten zu installieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/wordpress-plugins-hacker
-
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites.When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened a…
-
Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN
Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage. Sansec researchers discovered an active supply chain attack hitting WordPress sites running OptinMonster, TrustPulse, and PushEngage, three plugins operated by Awesome Motive, one of the largest WordPress plugin companies in the world. The malicious JavaScript wasn’t sitting on any victim’s server.…
-
Backdoor eingeschleust: Supply-Chain-Angriff gefährdet Millionen von Websites
Ein Angreifer hat über mehrere populäre Plug-ins Schadcode verbreitet, der unter WordPress heimlich eine Backdoor mit Admin-Zugriff einrichtet. First seen on golem.de Jump to article: www.golem.de/news/backdoor-eingeschleust-supply-chain-angriff-gefaehrdet-millionen-von-websites-2606-209767.html
-
Everest Forms Pro WordPress Flaw is Handing Attackers Admin Access
Hackers exploit CVE-2026-3300 in Everest Forms Pro to inject PHP via form fields, creating rogue admin accounts. 29,300 attempts blocked. Researcher h0xilo submitted a flaw in Everest Forms Pro for WordPress, tracked as CVE-2026-3300, to Wordfence’s bug bounty program and earned $325 for it. WPEverest patched the flaw on March 18. Wordfence published a full…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 100
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Targeting WordPress Abuses Steam Community Profiles for Command & Control Operations Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens Operation Dragon Weave : Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan…
-
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/
-
WordPress Kirki plugin vulnerability allows account takeover
First seen on scworld.com Jump to article: www.scworld.com/brief/wordpress-kirki-plugin-vulnerability-allows-account-takeover
-
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12.…
-
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12.…
-
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/everest-forms-pro-rce-actively/
-
WordPress Plugin Flaw Opens Door to Privilege Escalation Attacks Across 500,000+ Sites
A critical security flaw in the Kirki Freeform Page Builder, Website Builder & Customizer WordPress plugin is exposing sites to account takeover and privilege escalation attacks, with roughly 150,000 estimated to be running vulnerable versions introduced in the 6.0 release. Tracked as CVE-2026-8206 and rated 9.8 (Critical), the bug affects Kirki versions 6.0.0 through […]…