Latest Updates and Insights on WordPress Security


New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Tricks Victims into Executing Malicious Commands

27 August 2025
A sophisticated global cybercrime campaign dubbed “ShadowCaptcha” has emerged as a significant threat to organizations worldwide, leveraging fake Google and Cloudflare CAPTCHA pages to trick victims into executing malicious commands. Discovered by researchers at the Israel National Digital Agency in August 2025, this large-scale operation has been active for at least one year, exploiting hundreds […] Source: Cyber Security News.

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

26 August 2025
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale cybercrime campaign, first detected in August 2025, has been codenamed ShadowCaptcha by the Israel National

Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks

14 August 2025
A critical security vulnerability has been discovered in the popular “Database for Contact Form 7, WPforms, Elementor forms” WordPress plugin, potentially exposing over 70,000 websites to remote code execution attacks. The vulnerability, tracked as CVE-2025-7384 with a maximum CVSS score of 9.8, affects all versions up to and including 1.4.3 and was publicly disclosed on […] Source: Cyber Security News.

Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email

09 August 2025
A sophisticated malware campaign dubbed “Efimer” has emerged as a significant threat to cryptocurrency users worldwide, employing a multi-vector approach that combines compromised WordPress websites, malicious torrents, and deceptive email campaigns. First detected in October 2024, this ClipBanker-type Trojan has evolved from a simple cryptocurrency stealer into a comprehensive malicious infrastructure capable of self-propagation and […] Source: Cyber Security News.

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

31 July 2025
Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary file upload

WordPress Theme RCE Vulnerability Actively Exploited to Take Full Site Control

30 July 2025
A critical remote code execution (RCE) vulnerability in the popular “Alone” WordPress theme is being actively exploited by attackers to gain complete control of vulnerable websites. The vulnerability, assigned CVE-2025-5394 with a maximum CVSS score of 9.8, affects over 9,000 sites using versions 7.8.3 and below of the charity-focused theme. Key Takeaways: 1. Critical RCE flaw […] Source: Cyber Security News.

Stealthy Backdoor in WordPress Plugins Gives Attackers Persistent Access to Websites

24 July 2025
A sophisticated WordPress malware campaign has been discovered operating through the rarely monitored mu-plugins directory, giving attackers persistent access to compromised websites while evading traditional security measures. The malicious code, identified as wp-index.php, exploits WordPress’s “must-use plugins” functionality to maintain continuous operation without the possibility of deactivation through the admin panel. The backdoor employs advanced […] Source: Cyber Security News.

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

24 July 2025
Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the "wp-content/mu-plugins"

Threat Actors Weaponize WordPress Websites to Redirect Visitors to Malicious Websites

16 July 2025
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting WordPress websites through an ingenious ZIP archive-based attack mechanism. The malware, first reported in July 2025, represents a significant evolution in web-based threats, utilizing advanced obfuscation techniques and stealthy persistence methods to redirect unsuspecting visitors to malicious domains while simultaneously conducting search engine optimization poisoning operations. […] Source: Cyber Security News.

WordPress GravityForms Plugin Hacked to Include Malicious Code

12 July 2025
A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one of WordPress’s most popular form-building plugins, with the malware being distributed directly through the official […] Source: Cyber Security News.

Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack

11 July 2025
A critical security vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 websites worldwide and potentially exposing them to complete site takeover attacks. The vulnerability, assigned CVE-2025-6691 with a CVSS score of 8.8, allows unauthenticated attackers to delete arbitrary files on affected servers, including the crucial wp-config.php file that controls WordPress database […] Source: Cyber Security News.

Hackers Use ClickFix Technique to Deploy NetSupport RAT via Compromised WordPress Sites

08 July 2025
Security researchers have uncovered a sophisticated cyberattack campaign leveraging compromised WordPress websites to distribute the NetSupport Remote Access Trojan through an innovative social engineering method dubbed “ClickFix.” The Cybereason Global Security Operations Center (GSOC) discovered the campaign in May 2025, revealing how threat actors are weaponizing legitimate remote access tools to gain unauthorized control over […] Source: Cyber Security News.

Critical WordPress Plugin Vulnerability Exposes 600,000+ Sites to Remote Takeover

02 July 2025
A severe arbitrary file deletion vulnerability has been discovered in the popular Forminator WordPress plugin, affecting over 600,000 active installations worldwide. The vulnerability, assigned CVE-2025-6463 with a high CVSS rating of 8.8, allows unauthenticated attackers to delete critical system files, including wp-config.php, potentially leading to complete site takeover and remote code execution. Summary: 1. Forminator plugin […] Source: Cyber Security News.

Stealthy WordPress Malware Deliver Windows Trojan via PHP Backdoor

01 July 2025
A sophisticated multi-stage malware campaign has been discovered targeting WordPress websites, employing an intricate infection chain that delivers Windows trojans to unsuspecting visitors while maintaining complete invisibility to standard security checks. The malware represents a significant evolution in web-based attack techniques, combining PHP backdoors with advanced evasion mechanisms to establish persistent access to victim systems. […] Source: Cyber Security News.

Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers

24 June 2025
A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation in e-commerce cyberthreats. The malware family demonstrates advanced technical sophistication through its modular architecture, featuring multiple variants designed for different malicious purposes including payment data theft, WordPress credential harvesting, and […] Source: Cyber Security News.

Dropping security updates for WordPress versions 4.1 through 4.6

19 June 2025
As of July 2025, the WordPress Security Team will no longer provide security updates for WordPress versions 4.1 through 4.6. These versions were first released nine or more years ago and over 99% of WordPress installations run a more recent version. The chances this will affect your site, or sites, is very small. If you […]

Hundreds of WordPress Websites Hacked By VexTrio Viper Group to Run Massive TDS Services

14 June 2025
A sophisticated cybercriminal enterprise known as VexTrio has orchestrated one of the most extensive WordPress compromise campaigns ever documented, hijacking hundreds of thousands of websites globally to operate massive traffic distribution systems (TDS) that funnel victims into elaborate scam networks. This malicious operation, which has been active since at least 2015, represents a paradigm shift […] Source: Cyber Security News.

WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network

12 June 2025
The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute malicious content. "VexTrio is a group of malicious adtech companies that distribute scams and harmful software via

WordPress Admins Beware! Fake Cache Plugin that Steals Admin Logins

05 June 2025
A sophisticated malware campaign targeting WordPress administrators has been discovered, utilizing a deceptive caching plugin to steal login credentials and compromise website security. Security researchers have identified a malicious plugin disguised as “wp-runtime-cache” that specifically targets users with administrative privileges, exfiltrating sensitive authentication data to external servers controlled by cybercriminals. Fake WordPress Cache Steals Logins […] Source: Cyber Security News.

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

29 May 2025
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social