Collecting Cyber-News from over 60 sources

Tag: wordpress

WordPress attackers hide malware in overlooked plugins directory

Apr 1, 2025 9:55 PM

Tags: malware, wordpress

First seen on scworld.com Jump to article: www.scworld.com/news/wordpress-attackers-hide-malware-in-overlooked-plugins-directory
Hackers exploit little-known WordPress MU-plugins feature to hide malware

Apr 1, 2025 11:58 AM

Tags: access, exploit, hacker, malicious, malware, wordpress

A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/hackers-exploit-little-known-wordpress-mu-plugins-feature-to-hide-malware
Hiding WordPress malware in the mu-plugins directory to avoid detection

Apr 1, 2025 11:36 AM

Tags: backdoor, detection, exploit, malware, threat, wordpress

Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. >>Unlike regular plugins, must-use plugins are automatically loaded on every page load,…
Threat Actors Embed Malware in WordPress Sites to Enable Remote Code Execution

Mar 31, 2025 9:19 PM

Tags: cyber, cyberattack, exploit, malware, remote-code-execution, threat, wordpress

Security researchers have uncovered a new wave of cyberattacks targeting WordPress websites through the exploitation of the >>mu-plugins
Hackers abuse WordPress MU-Plugins to hide malicious code

Mar 31, 2025 8:19 PM

Tags: hacker, malicious, wordpress

Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-wordpress-mu-plugins-to-hide-malicious-code/
Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory

Mar 31, 2025 6:20 PM

Tags: malware, threat, wordpress

Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/threat-actors-deploy-wordpress-malware-in-mu-plugins-directory/
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Mar 31, 2025 4:13 PM

Tags: access, exploit, hacker, malicious, spam, threat, wordpress

Threat actors are using the “mu-plugins” directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites.mu-plugins, short for must-use plugins, refers to plugins in a special directory (“wp-content/mu-plugins”) that are automatically executed by WordPress without the need to enable them explicitly via…
The 4 WordPress flaws hackers targeted the most in Q1 2025

Mar 27, 2025 6:34 PM

Tags: flaw, hacker, vulnerability, wordpress

A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-four-wordpress-flaws-hackers-targeted-the-most-in-q1-2025/
WordPress Plugin Vulnerability Opens Door to SQL Injection Exploits

Mar 24, 2025 1:14 PM

Tags: cve, cvss, cyber, data-breach, exploit, injection, sql, vulnerability, wordpress

A critical vulnerability in the popular WordPress plugin GamiPress has been uncovered, leaving users exposed to unauthenticated SQL injection attacks. The issue, assigned the identifier CVE-2024-13496, carries a high CVSS 3.1 score of 7.5, indicating significant potential for exploitation. CVE-2024-13496 was discovered during a security assessment of GamiPress version 7.2.1. The vulnerability affects all versions…
WordPress Plugin Flaw Exposes 200,000+ Sites at Risk of Code Execution

Mar 24, 2025 9:13 AM

Tags: attack, cve, cyber, flaw, remote-code-execution, risk, vulnerability, wordpress

A critical security vulnerability has been discovered in the popular WordPress plugin, WP Ghost, which boasts over 200,000 active installations. This flaw, tracked as CVE-2025-26909, concerns an unauthenticated Local File Inclusion (LFI) vulnerability that could potentially lead to Remote Code Execution (RCE) attacks on nearly all server environments. The vulnerability has been addressed in the…
VexTrio Using 20,000 Hacked WordPress Sites in Traffic Redirect Scheme

Mar 21, 2025 3:13 PM

Tags: cybercrime, network, wordpress

A massive cybercrime network known as VexTrio is using thousands of compromised WordPress sites to funnel traffic through a complex redirection scheme. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/vextrio-20000-hacked-wordpress-sites-traffic-redirect-scheme
Thousands of WordPress sites impacted by multi-year DollyWay campaign

Mar 20, 2025 10:13 PM

Tags: wordpress

First seen on scworld.com Jump to article: www.scworld.com/brief/thousands-of-wordpress-sites-impacted-by-multi-year-dollyway-campaign
DollyWay Campaign Compromises Thousands of WordPress Sites

Mar 20, 2025 10:13 PM

Tags: wordpress

First seen on scworld.com Jump to article: www.scworld.com/brief/dollyway-campaign-compromises-thousands-of-wordpress-sites
WordPress security plugin WP Ghost vulnerable to remote code execution bug

Mar 20, 2025 5:13 PM

Tags: flaw, remote-code-execution, vulnerability, wordpress

Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-security-plugin-wp-ghost-vulnerable-to-remote-code-execution-bug/
Massive >>DollyWay<< Malware Attack Compromises 20,000+ WordPress Sites Worldwide

Mar 20, 2025 2:13 PM

Tags: attack, control, cyber, malware, network, wordpress

A significant malware operation, dubbed >>DollyWay,
Malware campaign ‘DollyWay’ breached 20,000 WordPress sites

Mar 20, 2025 1:13 AM

Tags: malicious, malware, wordpress

A malware operation dubbed ‘DollyWay’ has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-campaign-dollyway-breached-20-000-wordpress-sites/
8,000 New WordPress Vulnerabilities Reported in 2024

Mar 17, 2025 5:52 PM

Tags: vulnerability, wordpress

Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/8000-new-wordpress-vulnerabilities-reported-in-2024/
Best WordPress Plugins for Cybersecurity 2025

Mar 15, 2025 12:52 AM

Tags: attack, cyber, cybercrime, cybersecurity, data, risk, wordpress

WordPress is a great platform for building websites, but it is also a common target for hackers. Keeping your website safe is important to protect your data, visitors, and business. Cybercrime is a growing problem, with 39% of UK businesses experiencing cyber attacks in 2023. Using security plugins can help reduce risks and keep your…
WordPress Sites Compromised by JavaScript Backdoors

Mar 7, 2025 9:54 PM

Tags: backdoor, wordpress

First seen on scworld.com Jump to article: www.scworld.com/brief/wordpress-sites-compromised-by-javascript-backdoors
Malicious backdoor-deploying JavaScript facilitates widespread WordPress site compromise

Mar 7, 2025 9:54 PM

Tags: backdoor, malicious, wordpress

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-backdoor-deploying-javascript-facilitates-widespread-wordpress-site-compromise
Vulnerability in Chaty Pro Plugin Exposes 18,000 WordPress Sites

Mar 6, 2025 6:53 PM

Tags: vulnerability, wordpress

An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/flaw-chaty-pro-plugin-18k/
Over 10,000 WordPress Sites Exposed by Donation Plugin Code Execution Vulnerability

Mar 5, 2025 1:34 PM

Tags: attack, cyber, data-breach, exploit, flaw, remote-code-execution, vulnerability, wordpress

A critical security flaw in the widely usedGiveWP Donation Plugin and Fundraising Platformhas left over 10,000 WordPress websites vulnerable to remote code execution attacks since March 3, 2025. Tracked as CVE-2025-0912, the vulnerability allows unauthenticated attackers to hijack sites by exploiting a deserialization flaw in versions 3.19.4 and earlier. Vulnerability Overview The vulnerability stems from […]…
Millions of WordPress Websites Vulnerable to Script Injection Due to Plugin Flaw

Feb 26, 2025 9:23 AM

Tags: attack, cvss, cyber, data-breach, exploit, flaw, injection, malicious, password, vulnerability, wordpress

A critical security vulnerability in theEssential Addons for Elementorplugin, installed on over 2 million WordPress websites, has exposed sites to script injection attacks via malicious URL parameters. The flaw, tracked as CVE-2025-24752 and scoring 7.1 (High) on the CVSS scale, allowed attackers to execute reflected cross-site scripting (XSS) attacks by exploiting insufficient input sanitization in the plugin’s password reset…
Essential Addons for Elementor XSS Vulnerability Discovered

Feb 24, 2025 6:23 PM

Tags: attack, flaw, malicious, risk, vulnerability, wordpress, xss

Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/elementor-plugin-vulnerability-2m/
WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack

Feb 19, 2025 6:46 PM

Tags: attack, flaw, malicious, remote-code-execution, vulnerability, wordpress

A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wordpress-plugin-flaw-exposes/
90,000 WordPress Sites Exposed to Local File Inclusion Attacks

Feb 19, 2025 11:46 AM

Tags: attack, bug-bounty, cyber, data-breach, flaw, malicious, vulnerability, wordpress

A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025. The flaw enables authenticated attackers with contributor-level privileges to execute remote code via chained Local File Inclusion (LFI) and malicious SVG uploads. Discovered by researcher stealthcopter through the Wordfence Bug Bounty Program, the vulnerability…
Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Feb 17, 2025 2:46 PM

Tags: access, attack, backdoor, control, cyber, exploit, hacker, malware, remote-code-execution, unauthorized, vulnerability, wordpress

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable remote code execution (RCE). These attacks exploit vulnerabilities in WordPress core features and plugins, allowing hackers to gain unauthorized access, execute arbitrary code, and maintain control over compromised sites. The findings highlight the critical need for robust security measures in WordPress…
Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website

Feb 13, 2025 3:48 PM

Tags: blizzard, cyber, exploit, group, hacking, infrastructure, russia, ukraine, usa, vulnerability, wordpress

A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm, has intensified its cyber operations through a campaign dubbed BadPilot. This multi-year initiative has targeted critical infrastructure worldwide, expanding the group’s reach beyond its traditional focus on Ukraine and Eastern Europe to include North America, Europe, and Asia-Pacific regions. Exploiting Vulnerabilities…
30,000 WordPress Sites Exposed to Exploitation via File Upload Vulnerability

Feb 13, 2025 2:48 PM

Tags: cyber, data-breach, exploit, flaw, malware, remote-code-execution, vulnerability, wordpress

A critical security vulnerability in the >>Security & Malware scan by CleanTalk
Hackers Exploiting Google Tag Managers to Steal Credit Card from eCommerce Sites

Feb 10, 2025 2:37 PM

Tags: attack, credit-card, cyber, cybercrime, exploit, google, hacker, malicious, tool, wordpress

In a concerning development, cybercriminals are leveraging Google Tag Manager (GTM), a legitimate tool widely used by eCommerce websites, to deploy malicious scripts designed to steal credit card information. This attack vector, often referred to as Magecart or e-skimming, has been observed targeting platforms like Magento, WordPress, and OpenCart, among others. The abuse of GTM…