Latest Updates and Insights on WordPress Security


WordPress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack

29 October 2025
A critical cross-site scripting (XSS) vulnerability has been discovered in the popular LiteSpeed Cache plugin for WordPress, affecting millions of websites worldwide. The vulnerability, tracked as CVE-2025-12450, poses a significant risk to site visitors and administrators alike. The LiteSpeed Cache plugin is one of the most widely used performance optimization tools in the WordPress ecosystem, […] The post WordPress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack appeared first on Cyber Security News.

Hackers Actively Exploiting WordPress Arbitrary Installation Vulnerabilities in The Wild

27 October 2025
Threat actors have launched a significant mass exploitation campaign targeting critical vulnerabilities in two popular WordPress plugins, GutenKit and Hunk Companion, affecting hundreds of thousands of websites globally. These vulnerabilities, discovered in September and October 2024, have resurfaced as an active threat in October 2025, demonstrating the persistent danger of unpatched installations. The attack vectors […] The post Hackers Actively Exploiting WordPress Arbitrary Installation Vulnerabilities in The Wild appeared first on Cyber Security News.

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites

16 October 2025
A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS systems. "UNC5142 is characterized by its use of compromised WordPress websites and 'EtherHiding,' a technique used

Hackers Actively Exploiting WordPress Plugin Vulnerability to Gain Admin Access

09 October 2025
Over the past two months, threat actors have weaponized a critical authentication bypass flaw in the Service Finder Bookings WordPress plugin, enabling them to hijack any account on compromised sites. First disclosed on July 31, 2025, the vulnerability emerged after a bug bounty submission revealed that the plugin's servicefinderswitchback function failed to validate a user-switch […] The post Hackers Actively Exploiting WordPress Plugin Vulnerability to Gain Admin Access appeared first on Cyber Security News.

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

09 October 2025
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

08 October 2025
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company

Hackers Weaponizing WordPress Websites by Injecting Malicious PHP Codes Silently

08 October 2025
WordPress websites have become a prime target for threat actors seeking to monetize traffic and compromise visitor security. In recent months, a new malvertising campaign has emerged, leveraging silent PHP code injections within theme files to serve unwanted third-party scripts. The attack blends seamlessly with legitimate site operations, delivering obfuscated JavaScript that redirects visitors, displays […] The post Hackers Weaponizing WordPress Websites by Injecting Malicious PHP Codes Silently appeared first on Cyber Security News.

Hackers Exploiting WordPress Websites With Silent Malware to Gain Admin Access

25 September 2025
A sophisticated malware campaign targeting WordPress websites has been discovered employing advanced steganographic techniques and persistent backdoor mechanisms to maintain unauthorized administrator access. The malware operates through two primary components that work in tandem to create a resilient attack infrastructure, enabling cybercriminals to establish persistent footholds on compromised websites while remaining undetected by traditional security […] The post Hackers Exploiting WordPress Websites With Silent Malware to Gain Admin Access appeared first on Cyber Security News.

WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login

16 September 2025
A critical authentication bypass vulnerability in the Case Theme User WordPress plugin has emerged as a significant security threat, allowing unauthenticated attackers to gain administrative access to websites by exploiting the social login functionality. The vulnerability, tracked as CVE-2025-5821 with a CVSS score of 9.8, affects all versions of the plugin up to 1.0.3 and […] The post WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login appeared first on Cyber Security News.

New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Trick Victims into Executing Malicious Commands

27 August 2025
A sophisticated global cybercrime campaign dubbed "ShadowCaptcha" has emerged as a significant threat to organizations worldwide, leveraging fake Google and Cloudflare CAPTCHA pages to trick victims into executing malicious commands. Discovered by researchers at the Israel National Digital Agency in August 2025, this large-scale operation has been active for at least one year, exploiting hundreds […] The post New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Trick Victims into Executing Malicious Commands appeared first on Cyber Security News.

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

26 August 2025
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale cybercrime campaign, first detected in August 2025, has been codenamed ShadowCaptcha by the Israel National

Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks

14 August 2025
A critical security vulnerability has been discovered in the popular "Database for Contact Form 7, WPforms, Elementor forms" WordPress plugin, potentially exposing over 70,000 websites to remote code execution attacks. The vulnerability, tracked as CVE-2025-7384 with a maximum CVSS score of 9.8, affects all versions up to and including 1.4.3 and was publicly disclosed on […] The post Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks appeared first on Cyber Security News.

Huge Wave of Malicious Efimer Script Attacks Users via WordPress Sites, Malicious Torrents, and Email

09 August 2025
A sophisticated malware campaign dubbed "Efimer" has emerged as a significant threat to cryptocurrency users worldwide, employing a multi-vector approach that combines compromised WordPress websites, malicious torrents, and deceptive email campaigns. First detected in October 2024, this ClipBanker-type Trojan has evolved from a simple cryptocurrency stealer into a comprehensive malicious infrastructure capable of self-propagation and […] The post Huge Wave of Malicious Efimer Script Attacks Users via WordPress Sites, Malicious Torrents, and Email appeared first on Cyber Security News.

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

31 July 2025
Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary file upload

WordPress Theme RCE Vulnerability Actively Exploited to Take Full Site Control

30 July 2025
A critical remote code execution (RCE) vulnerability in the popular "Alone" WordPress theme is being actively exploited by attackers to gain complete control of vulnerable websites. The vulnerability, assigned CVE-2025-5394 with a maximum CVSS score of 9.8, affects over 9,000 sites using versions 7.8.3 and below of the charity-focused theme. Key Takeaways: 1. Critical RCE flaw […] The post WordPress Theme RCE Vulnerability Actively Exploited to Take Full Site Control appeared first on Cyber Security News.

Stealthy Backdoor in WordPress Plugins Gives Attackers Persistent Access to Websites

24 July 2025
A sophisticated WordPress malware campaign has been discovered operating through the rarely monitored mu-plugins directory, giving attackers persistent access to compromised websites while evading traditional security measures. The malicious code, identified as wp-index.php, exploits WordPress's "must-use plugins" functionality to maintain continuous operation without the possibility of deactivation through the admin panel. The backdoor employs advanced […] The post Stealthy Backdoor in WordPress Plugins Gives Attackers Persistent Access to Websites appeared first on Cyber Security News.

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

24 July 2025
Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the "wp-content/mu-plugins"

Threat Actors Weaponize WordPress Websites to Redirect Visitors to Malicious Websites

16 July 2025
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting WordPress websites through an ingenious ZIP archive-based attack mechanism. The malware, first reported in July 2025, represents a significant evolution in web-based threats, utilizing advanced obfuscation techniques and stealthy persistence methods to redirect unsuspecting visitors to malicious domains while simultaneously conducting search engine optimization poisoning operations. […] The post Threat Actors Weaponize WordPress Websites to Redirect Visitors to Malicious Websites appeared first on Cyber Security News.

WordPress GravityForms Plugin Hacked to Include Malicious Code

12 July 2025
A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one of WordPress's most popular form-building plugins, with the malware being distributed directly through the official […] The post WordPress GravityForms Plugin Hacked to Include Malicious Code appeared first on Cyber Security News.

Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack

11 July 2025
A critical security vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 websites worldwide and potentially exposing them to complete site takeover attacks. The vulnerability, assigned CVE-2025-6691 with a CVSS score of 8.8, allows unauthenticated attackers to delete arbitrary files on affected servers, including the crucial wp-config.php file that controls WordPress database […] The post Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack appeared first on Cyber Security News.