wordpress Archives • Page 3 of 7 • Daily CyberSecurity

CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications Auth0 PHP SDK, Critical Vulnerability

CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications

Do Son June 5, 2025

A newly disclosed vulnerability in the Auth0 PHP SDK—a widely-used authentication toolkit with over 16 million downloads—poses...

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities WordPress Malware, Hidden Plugin

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities

Do Son June 4, 2025

The Wordfence Threat Intelligence team has uncovered a deceptive and highly persistent WordPress malware variant that disguises...

New Malware Campaign: Fake Java Pop-ups on WordPress Trick Users WordPress malware Fake Java update

New Malware Campaign: Fake Java Pop-ups on WordPress Trick Users

Do Son May 29, 2025

Security researchers at Sucuri have uncovered a stealthy malware campaign that hijacks WordPress websites to display fake...

WooCommerce Wishlist vulnerability CVE-2025-47577

Unpatched & Critical (CVSS 10): TI WooCommerce Wishlist Vulnerability Affects 100K+ Sites

Do Son May 27, 2025

Researchers have discovered a critical security vulnerability in the TI WooCommerce Wishlist plugin, a widely-used tool that...

Warning: New Malvertising Campaign Uses Fake Cloudflare Pages to Deliver Malware Fake Cloudflare page, WordPress theme malware

Warning: New Malvertising Campaign Uses Fake Cloudflare Pages to Deliver Malware

Do Son May 24, 2025

A new wave of deceptive attacks is weaponizing the trusted Cloudflare brand to deliver Windows-based malware through...

Stealthy Skimmer: New Formjacking Malware Targets WooCommerce Checkouts WooCommerce formjacking, stealthy skimmer

Stealthy Skimmer: New Formjacking Malware Targets WooCommerce Checkouts

Do Son May 23, 2025

The Wordfence Threat Intelligence Team has uncovered a new and deeply stealthy formjacking malware targeting WooCommerce, the...

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites to Full Takeover Motors WordPress theme vulnerability CVE-2025-4322

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites to Full Takeover

Do Son May 20, 2025

A critical vulnerability has been discovered in the Motors WordPress theme, a popular premium theme with over...

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites Houzez theme - CVE-2024-22303 and CVE-2024-21743

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites

Do Son May 20, 2025

Imperva researchers have disclosed a newly discovered vulnerability in WordPress that could expose sensitive draft and private...

CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites Privilege Escalation, WordPress Plugin

CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites

Do Son May 16, 2025

A high-severity vulnerability in a popular WordPress event management plugin has been disclosed and patched, raising alarms...

82,000+ WordPress Sites at Risk: TheGem Theme Vulnerabilities Allow Full Site Takeover WordPress vulnerabilities TheGem, WordPress Vulnerability

WordPress vulnerabilities TheGem, WordPress Vulnerability

82,000+ WordPress Sites at Risk: TheGem Theme Vulnerabilities Allow Full Site Takeover

Do Son May 14, 2025

In a recent disclosure by Wordfence, two serious vulnerabilities have been discovered in TheGem, a popular premium...

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin Greenshift plugin WordPress vulnerability

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin

Do Son April 21, 2025

A critical vulnerability affecting the popular WordPress plugin Greenshift – animation and page builder blocks has come...

RomethemeKit Elementor Plugin Flaw Enables RCE: CVE-2025-30911 RomethemeKit, Elementor

RomethemeKit Elementor Plugin Flaw Enables RCE: CVE-2025-30911

Do Son April 17, 2025

A newly disclosed vulnerability in the popular RomethemeKit For Elementor WordPress plugin—installed on over 30,000 active sites—could...

Critical Vulnerabilities & Major Cyberattacks: April 7-13 Recap weekly cybersecurity, critical vulnerabilities

Critical Vulnerabilities & Major Cyberattacks: April 7-13 Recap

Do Son April 13, 2025

The cybersecurity landscape has witnessed significant activity over the past week (April 7th – April 13th), with...

Critical Vulnerability in Everest Forms Plugin Threatens WordPress Sites Everest Forms Vulnerability WordPress Plugin Security

Critical Vulnerability in Everest Forms Plugin Threatens WordPress Sites

Do Son April 12, 2025

A critical security vulnerability has been discovered in the Everest Forms WordPress plugin, putting over 100,000 websites...

InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability InstaWP Connect Vulnerability WordPress Plugin Security

InstaWP Connect Vulnerability WordPress Plugin Security

InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability

Do Son April 11, 2025

A severe security vulnerability has been identified in the InstaWP Connect WordPress plugin, posing a significant risk...

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Admin Takeover WordPress Vulnerability SureTriggers

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Admin Takeover

Do Son April 10, 2025

A critical vulnerability in the popular WordPress automation plugin SureTriggers has exposed over 100,000 sites to the...

50K+ WordPress Sites Exposed: Admin Takeover via Uncanny Automator CVE-2025-2075

50K+ WordPress Sites Exposed: Admin Takeover via Uncanny Automator

Do Son April 5, 2025

A vulnerability has surfaced in the popular WordPress plugin, Uncanny Automator, leaving over 50,000 websites potentially exposed...

WordPress Plugin CVE-2025-2563 Scores 9.8, Threatens Thousands of Membership Sites

Do Son March 27, 2025

A critical security vulnerability has been discovered in the “User Registration & Membership” WordPress plugin, a popular...

Critical WordPress Plugin Vulnerability Exposes Over 40,000 Websites to Code Execution Attacks

Do Son March 20, 2025

A critical security vulnerability has been discovered in the popular Age Gate plugin for WordPress, potentially exposing...

Critical Flaw Exposes 100,000+ WooCommerce Sites: Unauthenticated File Inclusion Threatens Total Takeover

Do Son March 11, 2025

A severe vulnerability has been discovered in the popular WordPress plugin “HUSKY – WooCommerce Products Filter Professional,”...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

wordpress

CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications

New WordPress Malware Masquerades as Legit Plugin with Data Exfiltration and RCE Capabilities

New Malware Campaign: Fake Java Pop-ups on WordPress Trick Users

Unpatched & Critical (CVSS 10): TI WooCommerce Wishlist Vulnerability Affects 100K+ Sites

Warning: New Malvertising Campaign Uses Fake Cloudflare Pages to Deliver Malware

Stealthy Skimmer: New Formjacking Malware Targets WooCommerce Checkouts

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites to Full Takeover

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites

CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites

82,000+ WordPress Sites at Risk: TheGem Theme Vulnerabilities Allow Full Site Takeover

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin

RomethemeKit Elementor Plugin Flaw Enables RCE: CVE-2025-30911

Critical Vulnerabilities & Major Cyberattacks: April 7-13 Recap

Critical Vulnerability in Everest Forms Plugin Threatens WordPress Sites

InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Admin Takeover

50K+ WordPress Sites Exposed: Admin Takeover via Uncanny Automator

WordPress Plugin CVE-2025-2563 Scores 9.8, Threatens Thousands of Membership Sites

Critical WordPress Plugin Vulnerability Exposes Over 40,000 Websites to Code Execution Attacks

Critical Flaw Exposes 100,000+ WooCommerce Sites: Unauthenticated File Inclusion Threatens Total Takeover