Tag: wordpress
-
Hackers Compromise WordPress GravityForms Plugin with Malicious Code Injection
Hackers have targeted the popular WordPress plugin Gravity Forms, injecting malicious code into versions downloaded from the official gravityforms.com domain. The breach was first reported on July 11, 2025, when security researchers noticed suspicious HTTP requests to the domain gravityapi.org, which was registered just days earlier on July 8, 2025. This domain, now suspended by…
-
WordPress Gravity Forms developer hacked to push backdoored plugins
The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers from the official website were infected with a backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-gravity-forms-developer-hacked-to-push-backdoored-plugins/
-
Severe WordPress Plugin Flaw Puts 200,000 Sites at Risk of Full Takeover
A critical arbitrary file deletion vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 active installations and potentially enabling unauthenticated attackers to achieve full site takeover. The flaw, tracked as CVE-2025-6691 with a CVSS score of 8.8 (High), resides in versions up to 1.7.3 of the plugin, which is developed by Brainstorm…
-
NetSupport RAT Spreads Through Compromised WordPress Sites Using ClickFix Technique
The Cybereason Global Security Operations Center (GSOC) has uncovered a sophisticated campaign by threat actors who are exploiting compromised WordPress websites to distribute malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT). This campaign, detailed in a recent report, employs phishing emails, PDF attachments, and even gaming websites to lure unsuspecting users into…
-
Malicious SEO Plugins on WordPress Can Lead to Site Takeover
A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated malware campaigns where attackers disguise their plugins to blend seamlessly with legitimate site components, making detection extremely challenging for administrators. One particularly insidious tactic involves naming the malicious plugin after…
-
WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion
A severe flaw identified in the Forminator WordPress plugin allows arbitrary file deletion and potential site takeover First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wordpress-plugin-flaw-sites-file/
-
Breach Roundup: Phony Chinese Sites Mimic Retail Brands
Also, Spain Arrests Hacker Behind Leaks Targeting Politicians and Journalists. This week, Chinese sites mimicked brands, Spain arrested data leak hackers, Swiss health nonprofit ransomware attack, ICC probed a cyberattack, UNFI restored systems, a flaw in smart tractors, RomCom RAT. A U.K. man sentenced for locking employer out of network. A WordPress hack installs a…
-
Widespread WordPress site takeover possible with plugin flaw
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-wordpress-site-takeover-possible-with-plugin-flaw
-
Forminator plugin flaw exposes WordPress sites to takeover attacks
The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/forminator-plugin-flaw-exposes-wordpress-sites-to-takeover-attacks/
-
Over 600K WordPress Sites at Risk Due to Critical Plugin Vulnerability
A critical security flaw in the popular Forminator WordPress plugin has put more than600,000 websitesworldwide at risk of remote takeover, according to recent disclosures from security firm Wordfence and independent researchers. The vulnerability, tracked as CVE-2025-6463 and rated 8.8 (High) on the CVSS scale, allows unauthenticated attackers to delete arbitrary files from affected servers”, potentially leading to full site…
-
Stealthy WordPress Malware Uses PHP Backdoor to Deliver Windows Trojan
A sophisticated malware campaign targeting WordPress websites has recently been uncovered, showcasing an intricate and stealthy approach to delivering a Windows-based trojan. This attack, which operates beneath the surface of seemingly clean websites, employs a layered infection chain involving PHP-based droppers, obfuscated code, and IP-based evasion tactics to distribute a malicious payload named client32.exe. Hidden…
-
Advanced malware spread via fake WordPress Core plugin
First seen on scworld.com Jump to article: www.scworld.com/brief/advanced-malware-spread-via-wordpress-core-plugin
-
Threat Actors Manipulate Search Results, Exploit ChatGPT and Luma AI Popularity to Deliver Malicious Payloads
Threat actors are leveraging the soaring popularity of AI tools like ChatGPT and Luma AI to distribute malware through deceptive websites. Zscaler ThreatLabz researchers have uncovered a network of malicious AI-themed sites, often hosted on platforms like WordPress, that exploit Black Hat SEO techniques to poison search engine rankings. These sites appear prominently in search…
-
New WordPress Malware Hides on Checkout Pages and Imitates Cloudflare
Wordfence exposes a sophisticated WordPress malware campaign using a rogue WordPress Core plugin. Active since 2023, it steals credit cards and credentials with advanced anti-detection. First seen on hackread.com Jump to article: hackread.com/wordpress-malware-checkout-pages-imitates-cloudflare/
-
Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware
IntroductionZscaler ThreatLabz researchers recently uncovered AI-themed websites designed to spread malware. The threat actors behind these attacks are exploiting the popularity of AI tools like ChatGPT and Luma AI. These websites are utilizing platforms such as WordPress and are designed to poison search engine rankings and increase the probability of unsuspecting users landing on these…
-
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards
A long-running malware campaign targeting WordPress via a rogue plugin has been observed skimming data, stealing credentials and user profiling First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rogue-wordpress-plugin-skim-credit/
-
Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers
The Wordfence Threat Intelligence Team uncovered a sophisticated malware campaign during a routine site cleanup, revealing a family of malicious code targeting WordPress and WooCommerce platforms. This campaign, which dates back to September 2023 as per their Threat Intelligence platform, showcases a dynamic and evolving framework with over 20 distinct samples. Sophisticated Malware Framework The…
-
Admin account takeovers via widespread WordPress theme exploitation underway
First seen on scworld.com Jump to article: www.scworld.com/brief/admin-account-takeovers-via-widespread-wordpress-theme-exploitation-underway
-
WordPress Motors theme flaw mass-exploited to hijack admin accounts
Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme “Motors” to hijack administrator accounts and gain complete control of a targeted site. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-motors-theme-flaw-mass-exploited-to-hijack-admin-accounts/
-
Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine
The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed on over 100,000 WordPress websites. This vulnerability, classified as an Insufficient Authorization to Privilege Escalation via Model Context Protocol (MCP), has a CVSS score of 8.8 (High) and has been assigned the identifier CVE-2025-5071. Affecting…
-
jQuery Migrate Library Compromised to Steal Logins via Parrot Traffic Direction System
Security researchers from the Trellix Advanced Research Centre have uncovered a sophisticated malware campaign exploiting the widely trusted jQuery Migrate library, a backward compatibility plugin used extensively in platforms like WordPress, Joomla, and Drupal. The attack, which began with a routine URL inspection following unusual online activity, revealed a weaponized version of jquery-migrate-3.4.1.min.js. Sophisticated Malware…
-
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that’s designed to distribute malicious content.”VexTrio is a group of malicious adtech companies that distribute scams and harmful…
-
Hijacking of thousands of WordPress sites possible with PayU plugin bug
Tags: wordpressFirst seen on scworld.com Jump to article: www.scworld.com/brief/hijacking-of-thousands-of-wordpress-sites-possible-with-payu-plugin-bug
-
Linux Foundation unveils decentralized WordPress plugin manager
A collective of former WordPress developers and contributors backed by the Linux Foundation has launched the FAIR Package Manager, a new and independent distribution system for trusted WordPress plugins and themes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/linux-foundation-unveils-decentralized-wordpress-plugin-manager/
-
PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites
Vulnerability in PayU CommercePro plugin allows account hijacking on thousands of WordPress sites First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/payu-plugin-flaw-wordpress-account/
-
Linux Foundation tries to play peacemaker in ongoing WordPress scuffle
FAIR Package Manager project aims to prevent political power plays First seen on theregister.com Jump to article: www.theregister.com/2025/06/06/linux_foundation_wordpress_peacemaker/
-
WordPress Admins Cautioned About Fake Cache Plugin Stealing Admin Credentials
A newly identified malicious plugin, dubbed >>wp-runtime-cache,
-
DollyWay World Domination Attack Compromises 20,000+ Sites
Since 2016, the “DollyWay World Domination” campaign has quietly compromised more than 20,000 WordPress websites worldwide, exploiting vulnerabilities in plugins and themes to redirect visitors to malicious destinations. The operation’s name comes from a telltale code string found in infected sites: phpdefine(‘DOLLY_WAY’, ‘World Domination’); DollyWay’s infection chain is highly sophisticated, employing a four-stage JavaScript and…
-
Malicious WordPress Plugin Disguised as Java Update Infects Site Visitors
A troubling new cyber threat has emerged targeting WordPress websites, where a malicious plugin masquerading as a legitimate tool tricks visitors into downloading harmful software. Disguised as “Yoast SEO” with convincing metadata, this plugin was recently uncovered in the /wp-content/plugins/contact-form/ directory of an infected site. Rather than providing SEO functionality, it injects a deceptive JavaScript…
-
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on…