Latest Updates and Insights on WordPress Security


82,000+ WordPress Sites Exposed to Remote Code Execution Attacks

14 May 2025
Critical vulnerabilities were identified in TheGem, a premium WordPress theme with more than 82,000 installations worldwide. Researchers identified two separate but interconnected vulnerabilities in TheGem theme versions 5.10.3 and earlier. When combined, these vulnerabilities create a dangerous attack vector that could lead to remote code execution and complete site compromise. “The downloaded file is copied […]

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

07 May 2025
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. "This is due to the create_wp_connection() function missing a capability check and

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

01 May 2025
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. "Pinging functionality that can report back to a command-and-control (C&C) server

New WordPress Malware Disguised as Anti-Malware Plugin Takes Full Control of Websites

01 May 2025
A sophisticated malware variant masquerading as a legitimate WordPress security plugin has been identified, capable of providing attackers with persistent access to compromised websites. The malicious code appears in the file system under innocuous names such as ‘WP-antymalwary-bot.php’ or ‘wp-performance-booster.php’, creating a facade of legitimacy while harboring dangerous capabilities including remote code execution, administrator access […]

100,000+ Installed WordPress Plugin Critical Vulnerability Exploited Within 4 Hours of Disclosure

15 April 2025
A severe vulnerability in the popular WordPress plugin SureTriggers has been actively exploited within just four hours of its public disclosure on April 10, 2025. The critical authentication bypass flaw affects all versions of the plugin up to 1.0.78, which has over 100,000 installations worldwide. This vulnerability allows unauthenticated attackers to create administrative user accounts […]

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

11 April 2025
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. "The

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

31 March 2025
Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the

WordPress Plug-in Vulnerability Lets Hackers Inject Malicious SQL Queries

24 March 2025
A critical vulnerability has been identified in GamiPress, a popular WordPress plugin used for gamification and rewards systems on websites. The high-impact flaw, categorized as CVE-2024-13496 with a CVSS 3.1 score of 7.5, allowed unauthenticated attackers to inject malicious SQL queries that could potentially compromise entire WordPress installations. The vulnerability, which affected all GamiPress versions up to 7.3.1, […]

WordPress Plugin Vulnerability Exposes 200k+ Sites to Code Execution Attacks

24 March 2025
A critical vulnerability has been identified in WP Ghost, a popular WordPress security plugin with over 200,000 active installations. The high-severity flaw, tracked as CVE-2025-26909 with a CVSS score of 9.6, allows unauthenticated attackers to exploit a Local File Inclusion (LFI) vulnerability that can lead to Remote Code Execution (RCE). Website administrators are strongly advised to update immediately […]

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

06 March 2025
Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served via cdn.csyndication[

WordPress Plugin Vulnerability Exposes 10,000 Sites to Code Execution Attacks

05 March 2025
A critical security flaw in the GiveWP Donation Plugin, tracked as CVE-2025-0912, has exposed over 100,000 WordPress websites to unauthenticated remote code execution (RCE) attacks. The vulnerability, scoring a maximum CVSS 9.8 (Critical) severity rating, originates from improper handling of user-supplied data in the plugin’s donation form processing logic. Exploiting this flaw allows attackers to […]

90,000 WordPress Sites Vulnerable to Local File Inclusion Attacks

19 February 2025
A severe security flaw in the Jupiter X Core plugin for WordPress exposed over 90,000 websites to Local File Inclusion (LFI) and Remote Code Execution (RCE) attacks. The vulnerability, tracked as CVE-2025-0366 with a CVSS score of 8.8 (High), enables authenticated attackers with contributor-level access to upload malicious SVG files and execute arbitrary code on vulnerable servers. […]

Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely

17 February 2025
A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, targeting WordPress websites through hidden malware and backdoors in the mu-plugins directory. This attack chain allows remote execution of malicious code, enabling full server compromise, data theft, and persistent control over infected sites. The /wp-content/mu-plugins/ directory – designed for “must-use” plugins that […]

TAG-124 Hacked 1000+ WordPress Sites To Embed Payloads

31 January 2025
A sophisticated cyber campaign orchestrated by the threat group TAG-124 has compromised over 1,000 WordPress websites to deploy malicious payloads. The operation leverages a multi-layered Traffic Distribution System (TDS) to infect users with malware, demonstrating advanced evasion tactics and infrastructure management. TAG-124’s infrastructure consists of compromised WordPress sites injected with malicious JavaScript to redirect visitors […]

WordPress Real-Estate Plugin Vulnerability Exposes 32k+ Websites To Cyberattack

23 January 2025
A severe security flaw has been discovered in the popular RealHomes WordPress theme and its accompanying plugin, Easy Real Estate, threatening the security of over 23,000 websites. These vulnerabilities, classified as unauthenticated privilege escalation issues, have been assigned critical severity scores of 9.8 on the CVSS scale and are tracked as CVE-2024-32444 and CVE-2024-32555, respectively. […]

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

13 January 2025
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment

New Skimmer Malware Hijacking WordPress Websites to Steal Credit Cards

10 January 2025
A sophisticated credit card skimmer malware has been found hitting WordPress checkout pages, silently injecting malicious JavaScript into database records to obtain sensitive payment details. Attackers may utilize existing payment fields or inject a fake credit card form to steal payment information covertly and undetected. Targets WordPress Checkout Pages via Database Injection. Sucuri claims that […]

WordPress Plugin Weaponizes Legit Sites To Steal Customer Payment Data

07 January 2025
PhishWP, a newly discovered WordPress plugin, is being used by cybercriminals to maliciously convert legitimate websites into phishing traps, putting user data at risk. Cybercriminals created the WordPress plugin PhishWP. It generates fake payment pages that closely resemble legitimate providers like Stripe. Threat actors use it to steal sensitive data, including browser metadata, credit card […]

Nearly 400,000 WordPress credentials stolen

18 December 2024
A threat actor labelled as MUT-1244 has stolen more than 390,000 WordPress credentials.

RCE Vulnerability in 1,000,000 WordPress Sites Lets Attackers Gain Control Over Backend

17 December 2024
A critical Remote Code Execution (RCE) vulnerability (CVE-2024-6386) affects over 1,000,000 active installations of the WordPress Multilingual Plugin (WPML). This flaw, stemming from a Server-Side Template Injection (SSTI) vulnerability in the Twig template engine, allowed attackers to execute arbitrary code on the affected websites. Rated as critical with a CVSS score of 9.9, the vulnerability […]