Attackers exploit a critical privilege escalation flaw in the King Addons for Elementor WordPress plugin, allowing unauthenticated users to create administrator accounts and seize control of sites.
This vulnerability, tracked as CVE-2025-8489 with a CVSS score of 9.8, affects over 10,000 installations and has...

Security researchers released a proof-of-concept exploit for CVE-2025-9501, a critical unauthenticated remote code execution flaw in the W3 Total Cache WordPress plugin.
This vulnerability affects over 1 million sites and allows attackers to run arbitrary PHP code via simple comments.
Vulnerability Breakdown
The flaw affects versions...

A critical security flaw in the popular W3 Total Cache WordPress plugin has exposed over one million websites to remote code execution attacks, allowing hackers to run malicious commands without logging in.
This vulnerability, tracked as CVE-2025-9501, affects versions before 2.8.13 and was publicly...

A critical security vulnerability in the popular "Alone" WordPress theme has been actively exploited by cybercriminals to gain complete control of vulnerable websites.
The vulnerability, which affects a theme with over 9,000 sales, allows unauthenticated attackers to upload malicious files and execute remote...

A critical security vulnerability in the popular Post SMTP WordPress plugin has left over 400,000 websites exposed to potential account takeover attacks, allowing even the lowest-privileged users to gain administrator access and achieve full site control.
The vulnerability, tracked as CVE-2025-24000, stems from broken...

Security researchers have uncovered a sophisticated WordPress malware campaign that exploits the rarely monitored mu-plugins directory to establish persistent backdoors on compromised websites.
The malicious code, discovered in the file wp-content/mu-plugins/wp-index.php, represents a significant evolution in WordPress attack techniques, utilizing database storage and ROT13 obfuscation...