wordpress security

The “IClickFix” Trap: 3,800+ WordPress Sites Poisoned by Fake CAPTCHAs IClickFix Framework WordPress Watering Hole

IClickFix Framework WordPress Watering Hole

The “IClickFix” Trap: 3,800+ WordPress Sites Poisoned by Fake CAPTCHAs

Do Son February 3, 2026

A massive wave of “watering hole” attacks has turned thousands of legitimate WordPress websites into traps for...

CVE-2025-67968 (CVSS 9.9): Critical Flaw in Real Estate Theme Exposes 30,000 Sites to Takeover RealHomes CRM Vulnerability CVE-2025-67968

RealHomes CRM Vulnerability CVE-2025-67968

CVE-2025-67968 (CVSS 9.9): Critical Flaw in Real Estate Theme Exposes 30,000 Sites to Takeover

Do Son January 26, 2026

A critical security vulnerability has been uncovered in the RealHomes CRM plugin, a core component of the...

Sabotage & Exploited in the Wild: Critical Backdoor Found in LA-Studio Element Kit CVE-2022-45359 LA-Studio Element Kit Backdoor CVE-2026-0920

CVE-2022-45359 LA-Studio Element Kit Backdoor CVE-2026-0920

Sabotage & Exploited in the Wild: Critical Backdoor Found in LA-Studio Element Kit

Do Son January 23, 2026

A critical security incident has rocked the WordPress community after a “backdoor” vulnerability was discovered in the...

CVE-2025-15521 (CVSS 9.8): Critical Academy LMS Flaw Exploited for Admin Takeover Academy LMS Vulnerability CVE-2025-15521

Academy LMS Vulnerability CVE-2025-15521

CVE-2025-15521 (CVSS 9.8): Critical Academy LMS Flaw Exploited for Admin Takeover

Do Son January 22, 2026

A critical security vulnerability has been unearthed in the Academy LMS plugin for WordPress, a popular tool...

Critical Flaw in “Advanced Custom Fields: Extended” Exposes 100K WordPress Sites to Takeover ACF Extended Vulnerability CVE-2025-14533

ACF Extended Vulnerability CVE-2025-14533

Critical Flaw in “Advanced Custom Fields: Extended” Exposes 100K WordPress Sites to Takeover

Do Son January 20, 2026

A critical security vulnerability has been discovered in Advanced Custom Fields: Extended, a popular WordPress plugin with...

Exploited in the Wild: Critical Modular DS Flaw CVE-2026-23550 (CVSS 10) Allows Instant Admin Takeover

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Exploited in the Wild: Critical Modular DS Flaw CVE-2026-23550 (CVSS 10) Allows Instant Admin Takeover

Do Son January 15, 2026

A critical privilege escalation vulnerability, tracked as CVE-2026-23550 (CVSS 10), has been discovered in the Modular DS...

WooCommerce Phishing Attack: Fake Vulnerability Exploits Store Owners Patchstack

Patchstack

WooCommerce Phishing Attack: Fake Vulnerability Exploits Store Owners

Do Son April 25, 2025

A new phishing campaign is targeting WooCommerce users with fake security vulnerability alerts, attempting to trick them...

Fake Font Domain Used in Credit Card Skimming Attack WordPress Backdoor

WordPress Backdoor

Fake Font Domain Used in Credit Card Skimming Attack

Do Son April 15, 2025

A recent investigation by Sucuri revealed a sophisticated credit card skimming attack on a WordPress website. The...