Latest Updates and Insights on WordPress Security

---

Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email

A sophisticated malware campaign dubbed “Efimer” has emerged as a significant threat to cryptocurrency users worldwide, employing a multi-vector approach that combines compromised WordPress websites, malicious torrents, and deceptive email campaigns. First detected in October 2024, this ClipBanker-type Trojan has evolved from a simple cryptocurrency stealer into a comprehensive malicious infrastructure capable of self-propagation and […] The post Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email appeared first on Cyber Security News.

---

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary file upload

---

WordPress Theme RCE Vulnerability Actively Exploited to Take Full Site Control

A critical remote code execution (RCE) vulnerability in the popular “Alone” WordPress theme is being actively exploited by attackers to gain complete control of vulnerable websites.  The vulnerability, assigned CVE-2025-5394 with a maximum CVSS score of 9.8, affects over 9,000 sites using versions 7.8.3 and below of the charity-focused theme. Key Takeaways1. Critical RCE flaw […] The post WordPress Theme RCE Vulnerability Actively Exploited to Take Full Site Control appeared first on Cyber Security News.

---

Stealthy Backdoor in WordPress Plugins Gives Attackers Persistent Access to Websites

A sophisticated WordPress malware campaign has been discovered operating through the rarely monitored mu-plugins directory, giving attackers persistent access to compromised websites while evading traditional security measures. The malicious code, identified as wp-index.php, exploits WordPress’s “must-use plugins” functionality to maintain continuous operation without the possibility of deactivation through the admin panel. The backdoor employs advanced […] The post Stealthy Backdoor in WordPress Plugins Gives Attackers Persistent Access to Websites appeared first on Cyber Security News.

---

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the "wp-content/mu-plugins"

---

Threat Actors Weaponize WordPress Websites to Redirect Visitors to Malicious Websites

Cybersecurity researchers have uncovered a sophisticated malware campaign targeting WordPress websites through an ingenious ZIP archive-based attack mechanism. The malware, first reported in July 2025, represents a significant evolution in web-based threats, utilizing advanced obfuscation techniques and stealthy persistence methods to redirect unsuspecting visitors to malicious domains while simultaneously conducting search engine optimization poisoning operations. […] The post Threat Actors Weaponize WordPress Websites to Redirect Visitors to Malicious Websites appeared first on Cyber Security News.

---

WordPress GravityForms Plugin Hacked to Include Malicious Code

A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one of WordPress’s most popular form-building plugins, with the malware being distributed directly through the official […] The post WordPress GravityForms Plugin Hacked to Include Malicious Code appeared first on Cyber Security News.

---

Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack

A critical security vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 websites worldwide and potentially exposing them to complete site takeover attacks. The vulnerability, assigned CVE-2025-6691 with a CVSS score of 8.8, allows unauthenticated attackers to delete arbitrary files on affected servers, including the crucial wp-config.php file that controls WordPress database […] The post Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack appeared first on Cyber Security News.

---

Hackers Use ClickFix Technique to Deploy NetSupport RAT via Compromised WordPress Sites

Security researchers have uncovered a sophisticated cyberattack campaign leveraging compromised WordPress websites to distribute the NetSupport Remote Access Trojan through an innovative social engineering method dubbed “ClickFix.” The Cybereason Global Security Operations Center (GSOC) discovered the campaign in May 2025, revealing how threat actors are weaponizing legitimate remote access tools to gain unauthorized control over […] The post Hackers Use ClickFix Technique to Deploy NetSupport RAT via Compromised WordPress Sites appeared first on Cyber Security News.

---

Critical WordPress Plugin Vulnerability Exposes 600,000+ Sites to Remote Takeover

A severe arbitrary file deletion vulnerability has been discovered in the popular Forminator WordPress plugin, affecting over 600,000 active installations worldwide.  The vulnerability, assigned CVE-2025-6463 with a high CVSS rating of 8.8, allows unauthenticated attackers to delete critical system files, including wp-config.php, potentially leading to complete site takeover and remote code execution. Summary1. Forminator plugin […] The post Critical WordPress Plugin Vulnerability Exposes 600,000+ Sites to Remote Takeover appeared first on Cyber Security News.

---

Stealthy WordPress Malware Deliver Windows Trojan via PHP Backdoor

A sophisticated multi-stage malware campaign has been discovered targeting WordPress websites, employing an intricate infection chain that delivers Windows trojans to unsuspecting visitors while maintaining complete invisibility to standard security checks. The malware represents a significant evolution in web-based attack techniques, combining PHP backdoors with advanced evasion mechanisms to establish persistent access to victim systems. […] The post Stealthy WordPress Malware Deliver Windows Trojan via PHP Backdoor appeared first on Cyber Security News.

---

Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers

A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation in e-commerce cyberthreats. The malware family demonstrates advanced technical sophistication through its modular architecture, featuring multiple variants designed for different malicious purposes including payment data theft, WordPress credential harvesting, and […] The post Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers appeared first on Cyber Security News.

---

Dropping security updates for WordPress versions 4.1 through 4.6

As of July 2025, the WordPress Security Team will no longer provide security updates for WordPress versions 4.1 through 4.6. These versions were first released nine or more years ago and over 99% of WordPress installations run a more recent version. The chances this will affect your site, or sites, is very small. If you […]

---

Hundreds of WordPress Websites Hacked By VexTrio Viper Group to Run Massive TDS Services

A sophisticated cybercriminal enterprise known as VexTrio has orchestrated one of the most extensive WordPress compromise campaigns ever documented, hijacking hundreds of thousands of websites globally to operate massive traffic distribution systems (TDS) that funnel victims into elaborate scam networks. This malicious operation, which has been active since at least 2015, represents a paradigm shift […] The post Hundreds of WordPress Websites Hacked By VexTrio Viper Group to Run Massive TDS Services appeared first on Cyber Security News.

---

WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network

The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute malicious content. "VexTrio is a group of malicious adtech companies that distribute scams and harmful software via

---

WordPress Admins Beware! Fake Cache Plugin that Steals Admin Logins

A sophisticated malware campaign targeting WordPress administrators has been discovered, utilizing a deceptive caching plugin to steal login credentials and compromise website security.  Security researchers have identified a malicious plugin disguised as “wp-runtime-cache” that specifically targets users with administrative privileges, exfiltrating sensitive authentication data to external servers controlled by cybercriminals. Fake WordPress Cache Steals Logins […] The post WordPress Admins Beware! Fake Cache Plugin that Steals Admin Logins appeared first on Cyber Security News.

---

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social

---

WordPress TI WooCommerce Wishlist Plugin Vulnerability Exposes 100,000+ Websites To Cyberattack

A critical security vulnerability in the popular TI WooCommerce Wishlist plugin has left over 100,000 WordPress websites exposed to potential cyberattacks, with security researchers warning of imminent exploitation risks. The vulnerability, designated as CVE-2025-47577 and assigned the maximum CVSS score of 10.0, enables unauthenticated attackers to upload arbitrary files to affected websites, potentially leading to […] The post WordPress TI WooCommerce Wishlist Plugin Vulnerability Exposes 100,000+ Websites To Cyberattack appeared first on Cyber Security News.

---

WordPress Plugin Vulnerability Exposes 22,000 Sites to Cyber Attacks

A critical security vulnerability discovered in the popular Motors WordPress theme has exposed approximately 22,000 websites to significant risk.  Security researchers have identified a privilege escalation vulnerability that allows unauthenticated attackers to take over administrative accounts, potentially compromising the entire website.  This vulnerability (CVE-2025-4322) carries a critical CVSS score of 9.8 and affects all versions […] The post WordPress Plugin Vulnerability Exposes 22,000 Sites to Cyber Attacks appeared first on Cyber Security News.

---

Critical WordPress Plugin Vulnerability Exposes 10K+ Sites to Cyber Attack

A severe privilege escalation vulnerability has been discovered in the popular WordPress plugin Eventin, putting more than 10,000 websites at risk of complete compromise. The vulnerability, now tracked as CVE-2025-47539, allows unauthenticated attackers to create administrator accounts without any user interaction, giving them full control over affected websites. Security researchers are urging site owners to […] The post Critical WordPress Plugin Vulnerability Exposes 10K+ Sites to Cyber Attack appeared first on Cyber Security News.