-
Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process.
- December 03, 2025
- 04:31 PM
0
-
W3 Total Cache WordPress plugin vulnerable to PHP command injection
A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.
- November 19, 2025
- 12:34 PM
1
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
You can get two years of WordPress hosting for just $50 in this deal
Hostinger's 2-year Premium Web Hosting plan keeps it firmly in the "easy" category, and right now, new U.S. users can grab it for $49.99 (MSRP: $306.74) for a limited time.
- November 18, 2025
- 07:12 AM
- 0
-
Hackers exploit WordPress plugin Post SMTP to hijack admin accounts
Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts.
- November 04, 2025
- 04:46 PM
- 1
-
Hackers exploit critical auth bypass flaw in JobMonster WordPress theme
Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions.
- November 04, 2025
- 02:49 AM
- 0
-
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.
- October 29, 2025
- 04:44 PM
- 1
-
Hackers launch mass attacks exploiting outdated WordPress plugins
A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE).
- October 24, 2025
- 03:28 PM
- 0
-
Hackers exploit auth bypass in Service Finder WordPress theme
Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators.
- October 08, 2025
- 11:57 AM
- 0
-
Pi-hole discloses data breach triggered by WordPress plugin flaw
Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin.
- August 01, 2025
- 12:13 PM
- 2
-
Hackers actively exploit critical RCE in WordPress Alone theme
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover.
- July 30, 2025
- 01:40 PM
- 0
-
Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks
More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account.
- July 26, 2025
- 10:17 AM
- 0
-
WordPress Gravity Forms developer hacked to push backdoored plugins
The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers from the official website were infected with a backdoor.
- July 11, 2025
- 03:30 PM
- 0
-
Forminator plugin flaw exposes WordPress sites to takeover attacks
The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks.
- July 02, 2025
- 11:38 AM
- 0
-
WordPress Motors theme flaw mass-exploited to hijack admin accounts
Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site.
- June 21, 2025
- 10:09 AM
- 0
-
Linux Foundation unveils decentralized WordPress plugin manager
A collective of former WordPress developers and contributors backed by the Linux Foundation has launched the FAIR Package Manager, a new and independent distribution system for trusted WordPress plugins and themes.
- June 09, 2025
- 02:07 PM
- 1
-
Premium WordPress 'Motors' theme vulnerable to admin takeover attacks
A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites.
- May 20, 2025
- 03:46 PM
- 0
-
Hackers exploit OttoKit WordPress plugin flaw to add admin accounts
Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites.
- May 07, 2025
- 11:37 AM
- 0
-
WordPress plugin disguised as a security tool injects backdoor
A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it.
- April 30, 2025
- 05:05 PM
- 0
-
WooCommerce admins targeted by fake security patches that hijack sites
A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a Wordpress backdoor to the site.
- April 26, 2025
- 10:09 AM
- 0
-
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests.
- April 21, 2025
- 09:00 AM
- 0
