Website Security Archives • Daily CyberSecurity

Hackers Actively Exploiting 9.8 Critical RCE Flaw in Kali Forms WordPress Plugin

Hackers Actively Exploiting 9.8 Critical RCE Flaw in Kali Forms WordPress Plugin

Do Son March 26, 2026

The attackers begin actively exploiting a critical vulnerability in Kali Forms, a popular drag-and-drop form builder WordPress...

WordPress Security Alert: Critical Privilege Escalation Flaw in Popular Membership Plugin WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Security Alert: Critical Privilege Escalation Flaw in Popular Membership Plugin

Do Son March 4, 2026

A massive security hole has been discovered in the User Registration & Membership plugin for WordPress, a...

CVE-2025-59340: Critical HubSpot’s Jinjava Engine Flaw Exposes Thousands of Websites to RCE Jinjava Vulnerability CVE-2026-25526 CVE-2025-59340 HubSpot RCE

Jinjava Vulnerability CVE-2026-25526 CVE-2025-59340 HubSpot RCE

CVE-2025-59340: Critical HubSpot’s Jinjava Engine Flaw Exposes Thousands of Websites to RCE

Do Son September 19, 2025

HubSpot has issued a security advisory regarding a critical flaw in its Jinjava template engine, which powers...

Critical WordPress Plugin Flaw (CVE-2025-7384, CVSS 9.8) Exposes 70,000+ Sites to RCE and Data Loss WordPress vulnerability, CVE-2025-7384

Critical WordPress Plugin Flaw (CVE-2025-7384, CVSS 9.8) Exposes 70,000+ Sites to RCE and Data Loss

Do Son August 14, 2025

A critical security vulnerability has been disclosed in the widely used Database for Contact Form 7, WPforms,...

CVE-2025-4601: Flaw Exposes 33,000+ RealHomes WordPress Sites to Admin Takeover WordPress Vulnerability

CVE-2025-4601: Flaw Exposes 33,000+ RealHomes WordPress Sites to Admin Takeover

Do Son June 10, 2025

A critical Privilege Escalation vulnerability has been disclosed in the RealHomes WordPress theme, a popular real estate...

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities WordPress Malware, Hidden Plugin

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities

Do Son June 4, 2025

The Wordfence Threat Intelligence team has uncovered a deceptive and highly persistent WordPress malware variant that disguises...

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites to Full Takeover Motors WordPress theme vulnerability CVE-2025-4322

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites to Full Takeover

Do Son May 20, 2025

A critical vulnerability has been discovered in the Motors WordPress theme, a popular premium theme with over...

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites Houzez theme - CVE-2024-22303 and CVE-2024-21743

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites

Do Son May 20, 2025

Imperva researchers have disclosed a newly discovered vulnerability in WordPress that could expose sensitive draft and private...

CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites Privilege Escalation, WordPress Plugin

CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites

Do Son May 16, 2025

A high-severity vulnerability in a popular WordPress event management plugin has been disclosed and patched, raising alarms...

WordPress Malware Alert: Fake Anti-Malware Plugin Grants Admin Access and Executes Remote Code WordPress Malware Fake Plugin

WordPress Malware Alert: Fake Anti-Malware Plugin Grants Admin Access and Executes Remote Code

Do Son April 30, 2025

The Wordfence Threat Intelligence team has issued a critical warning about a sophisticated malware variant that is...

Fake Font Domain Used in Credit Card Skimming Attack WordPress Backdoor

Fake Font Domain Used in Credit Card Skimming Attack

Do Son April 15, 2025

A recent investigation by Sucuri revealed a sophisticated credit card skimming attack on a WordPress website. The...

Joomla Security Alert: Critical SQL Injection & MFA Bypass Vulnerabilities Uncovered Joomla Vulnerability SQL Injection

Joomla Security Alert: Critical SQL Injection & MFA Bypass Vulnerabilities Uncovered

Do Son April 11, 2025

The Joomla Project has issued two security announcements addressing two significant vulnerabilities affecting its CMS and database...

Critical Alert 2 Active Exploits Detected Today