plugin Archives • Daily CyberSecurity

Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access

Do Son September 25, 2025

Security researcher Puja Srivastava from Sucuri uncovered two malicious files designed to guarantee persistent attacker access by...

WordPress Supply Chain Attack: Gravity Forms Plugin Backdoored Through Official Downloads WordPress Supply Chain, Plugin Backdoor

WordPress Supply Chain Attack: Gravity Forms Plugin Backdoored Through Official Downloads

Do Son July 14, 2025

In a concerning development for WordPress site administrators, the Patchstack team has uncovered a targeted supply chain...

SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks WordPress Plugin, Arbitrary File Deletion

WordPress Plugin, Arbitrary File Deletion

SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks

Do Son July 10, 2025

A critical vulnerability in the SureForms WordPress plugin—which has over 200,000 active installations—has exposed websites to a...

Stealthy WordPress Malware Uncovered: SEO Spam Plugin Mimics Your Domain to Evade Detection WordPress Malware, SEO Spam

Stealthy WordPress Malware Uncovered: SEO Spam Plugin Mimics Your Domain to Evade Detection

Do Son July 4, 2025

In a recent investigation, Kayleigh Martin, a Security Analyst at Sucuri, uncovered a cunning new tactic used...

CVE-2025-6463: Unauthenticated Arbitrary File Deletion in Forminator Plugin Exposes Over 600,000 WordPress Sites to Remote Takeover WordPress Plugin, Arbitrary File Deletion

CVE-2025-6463: Unauthenticated Arbitrary File Deletion in Forminator Plugin Exposes Over 600,000 WordPress Sites to Remote Takeover

Do Son July 2, 2025

A newly disclosed high-severity vulnerability in the popular Forminator plugin threatens the security of hundreds of thousands...

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials WordPress Malware, Credit Card Skimming

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Do Son June 25, 2025

The Wordfence Threat Intelligence Team has unveiled a powerful malware framework operating under the guise of a...

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover

Do Son June 19, 2025

Security researchers at Wordfence have uncovered a vulnerability in the popular AI Engine plugin for WordPress, which...

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover! PayU CommercePro, Account Takeover

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover!

Do Son June 9, 2025

A severe vulnerability in the PayU CommercePro plugin for WordPress, which has over 5,000 active installations, allows...

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities WordPress Malware, Hidden Plugin

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities

Do Son June 4, 2025

The Wordfence Threat Intelligence team has uncovered a deceptive and highly persistent WordPress malware variant that disguises...

WooCommerce Wishlist vulnerability CVE-2025-47577

Unpatched & Critical (CVSS 10): TI WooCommerce Wishlist Vulnerability Affects 100K+ Sites

Do Son May 27, 2025

Researchers have discovered a critical security vulnerability in the TI WooCommerce Wishlist plugin, a widely-used tool that...

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin Greenshift plugin WordPress vulnerability

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin

Do Son April 21, 2025

A critical vulnerability affecting the popular WordPress plugin Greenshift – animation and page builder blocks has come...

Critical Vulnerability in Everest Forms Plugin Threatens WordPress Sites Everest Forms Vulnerability WordPress Plugin Security

Critical Vulnerability in Everest Forms Plugin Threatens WordPress Sites

Do Son April 12, 2025

A critical security vulnerability has been discovered in the Everest Forms WordPress plugin, putting over 100,000 websites...

InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability InstaWP Connect Vulnerability WordPress Plugin Security

InstaWP Connect Vulnerability WordPress Plugin Security

InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability

Do Son April 11, 2025

A severe security vulnerability has been identified in the InstaWP Connect WordPress plugin, posing a significant risk...

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Admin Takeover WordPress Vulnerability SureTriggers

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Admin Takeover

Do Son April 10, 2025

A critical vulnerability in the popular WordPress automation plugin SureTriggers has exposed over 100,000 sites to the...

CVE-2025-26776 (CVSS 10) in Chaty Pro Plugin Exposes Thousands of WordPress Sites to Takeover

Do Son March 5, 2025

A critical vulnerability has been discovered in the Chaty Pro plugin for WordPress, potentially allowing attackers to...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

plugin

Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access

WordPress Supply Chain Attack: Gravity Forms Plugin Backdoored Through Official Downloads

SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks

Stealthy WordPress Malware Uncovered: SEO Spam Plugin Mimics Your Domain to Evade Detection

CVE-2025-6463: Unauthenticated Arbitrary File Deletion in Forminator Plugin Exposes Over 600,000 WordPress Sites to Remote Takeover

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover!

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities

Unpatched & Critical (CVSS 10): TI WooCommerce Wishlist Vulnerability Affects 100K+ Sites

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin

Critical Vulnerability in Everest Forms Plugin Threatens WordPress Sites

InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Admin Takeover

CVE-2025-26776 (CVSS 10) in Chaty Pro Plugin Exposes Thousands of WordPress Sites to Takeover