wordpress Archives • Daily CyberSecurity

ErrTraffic Malware Spreads ClickFix Lures via Hacked WordPress Sites hacker-security

ErrTraffic Malware Spreads ClickFix Lures via Hacked WordPress Sites

Do Son June 22, 2026

At a glance Malware family ErrTraffic (ClickFix distribution framework / TDS, sold as MaaS) Threat actor Sold...

1M WordPress Sites at Risk: Critical Unauthenticated Arbitrary File Deletion in Avada Builder (CVSS 9.1) Avada Builder vulnerability CVE-2026-8713 unauthenticated arbitrary file deletion in WordPress

Avada Builder vulnerability CVE-2026-8713 unauthenticated arbitrary file deletion in WordPress

1M WordPress Sites at Risk: Critical Unauthenticated Arbitrary File Deletion in Avada Builder (CVSS 9.1)

Do Son June 19, 2026

Around one million WordPress sites just got an urgent reason to patch. A critical Avada Builder...

Active Gravity SMTP Vulnerability Exploited in the Wild Gravity SMTP Vulnerability CVE-2026-4020 exploit statistics

Active Gravity SMTP Vulnerability Exploited in the Wild

Do Son June 17, 2026

A critical Gravity SMTP vulnerability is currently facing active exploitation in the wild. Consequently, WordPress site administrators...

ShapedPlugin Supply Chain Attack CVE-2026-10735, CVE-2026-49777, WordPress Plugin Malware

ShapedPlugin Supply Chain Attack Exposes WordPress Sites

Do Son June 16, 2026

A dangerous ShapedPlugin supply chain attack is currently threatening WordPress websites. Security researchers at Wordfence discovered this...

Uncanny Automator Breach: Backdoored Plugin Build Hit WordPress Sites

Do Son June 15, 2026

A serious Uncanny Automator breach has exposed customer data and pushed a malicious plugin update to live...

Critical UpdraftPlus CVE-2026-10795 Exploit Targets Millions UpdraftPlus CVE-2026-10795, UpdraftPlus authentication bypass, WordPress plugin vulnerability, CVE-2026-10795

UpdraftPlus CVE-2026-10795, UpdraftPlus authentication bypass, WordPress plugin vulnerability, CVE-2026-10795

Critical UpdraftPlus CVE-2026-10795 Exploit Targets Millions

Do Son June 10, 2026

Cybersecurity experts recently identified a massive threat to WordPress websites. Specifically, hackers are actively exploiting a critical...

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover WordPress Account Takeover CVE-2026-7567

40,000+ Sites Exposed: Critical 9.8 CVSS Flaw Grants Total WordPress Account Takeover

Do Son May 2, 2026

A security vulnerability has been identified in Temporary Login, a popular WordPress plugin designed to provide secure,...

200,000+ Sites at Risk: Perfmatters Flaw Enables Full WordPress Site Takeover Perfmatters Vulnerability WordPress Site Takeover

200,000+ Sites at Risk: Perfmatters Flaw Enables Full WordPress Site Takeover

Do Son April 3, 2026

Researchers expose a critical vulnerability in Perfmatters, a popular performance-optimization WordPress plugin with over 200,000 active installations....

The Designer in the Machine: How WordPress’s New AI Concierge is Killing Layout Frustration WordPress Persistent AI Assistant

The Designer in the Machine: How WordPress’s New AI Concierge is Killing Layout Frustration

Do Son February 19, 2026

For many nascent web developers and site administrators, the primary source of frustration lies not within the...

Ghost Folders: “Directory Shadowing” Hack Hijacks WordPress SEO WordPress Directory Shadowing SEO Spam Malware

Ghost Folders: “Directory Shadowing” Hack Hijacks WordPress SEO

Do Son February 5, 2026

A new and stealthy malware campaign is targeting WordPress sites, turning trusted pages into billboards for online...

New WordPress Phishing Scam Steals Credit Cards via Telegram Telegram Exfiltration, WordPress Phishing

New WordPress Phishing Scam Steals Credit Cards via Telegram

Do Son January 5, 2026

A sophisticated new phishing campaign is targeting WordPress site owners with fake “domain renewal” notices, tricking victims...

Critical WordPress Flaw (CVE-2025-6389) Under Active Exploitation Allows Unauthenticated RCE WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Critical WordPress Flaw (CVE-2025-6389) Under Active Exploitation Allows Unauthenticated RCE

Do Son December 4, 2025

A critical Remote Code Execution (RCE) vulnerability has been discovered in the Sneeit Framework, a core plugin...

Critical ACF Extended Flaw (CVE-2025-13486, CVSS 9.8) Allows Unauthenticated RCE on 100K WordPress Sites ACF Extended RCE, Unauthenticated Code Execution

ACF Extended RCE, Unauthenticated Code Execution

Critical ACF Extended Flaw (CVE-2025-13486, CVSS 9.8) Allows Unauthenticated RCE on 100K WordPress Sites

Do Son December 3, 2025

A critical security vulnerability carrying a near-maximum severity score has been discovered in “Advanced Custom Fields: Extended,”...

Critical Elementor Plugin Flaw (CVE-2025-8489, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Critical Elementor Plugin Flaw (CVE-2025-8489, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover

Do Son December 3, 2025

A critical security flaw in a popular WordPress plugin has triggered a massive wave of exploitation attempts,...

Critical WordPress Flaw (CVE-2025-6389, CVSS 9.8) Under Active Exploitation Allows Unauthenticated RCE Sneeit Framework RCE, Unauthenticated RCE

Sneeit Framework RCE, Unauthenticated RCE

Critical WordPress Flaw (CVE-2025-6389, CVSS 9.8) Under Active Exploitation Allows Unauthenticated RCE

Do Son November 25, 2025

A newly disclosed critical vulnerability in the Sneeit Framework — a widely used WordPress plugin powering premium...

Critical W3 Total Cache Flaw (CVE-2025-9501, CVSS 9.0) Risks Unauthenticated RCE on 1 Million WordPress Sites W3 Total Cache RCE, Unauthenticated Command Injection

W3 Total Cache RCE, Unauthenticated Command Injection

Critical W3 Total Cache Flaw (CVE-2025-9501, CVSS 9.0) Risks Unauthenticated RCE on 1 Million WordPress Sites

Do Son November 18, 2025

A newly disclosed high-severity security flaw in the widely used W3 Total Cache (W3TC) plugin is putting...

Critical CVE-2025-11749 Flaw in AI Engine Plugin Exposes WordPress Sites to Full Compromise AI Engine Auth Bypass, CVE-2025-11749 Exploited

Critical CVE-2025-11749 Flaw in AI Engine Plugin Exposes WordPress Sites to Full Compromise

Do Son November 5, 2025

Researchers at Wordfence have disclosed a critical vulnerability (CVE-2025-11749, CVSS 9.8) in the popular AI Engine WordPress...

Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect ShopLentor LFI RCE, WooCommerce Plugin Flaw

ShopLentor LFI RCE, WooCommerce Plugin Flaw

Critical WooCommerce Plugin Flaw (CVE-2025-12493, CVSS 9.8) Allows Unauthenticated RCE, 100,000+ Sites Affect

Do Son November 5, 2025

A critical-severity Local File Inclusion (LFI) flaw in the popular WordPress plugin ShopLentor – WooCommerce Builder for...

Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack