Tag

#WordPress

8 stories taggedWordPress.

Threat Intelligence

ShapedPlugin's Update Channel Hijacked, Pro Plugins Shipped with Backdoor

Attackers slipped malicious code into licensed Pro releases by compromising the vendor's own build pipeline — a clean supply-chain hit on WordPress installs.

2 min
Vulnerabilities

Gravity SMTP Flaw Under Active Exploitation, Leaks API Keys and OAuth Tokens

CVE-2026-4020 lets unauthenticated attackers pull secrets from roughly 100,000 WordPress installs running the mail plugin.

2 min
Policy & Regulation

Operation Endgame Sweep Takes Down SocGholish Loader Infrastructure

Dutch-led coalition disrupts servers and remediates 14,971 compromised WordPress sites, in the latest tranche of the multinational takedown effort.

2 min
Threat Intelligence

Trusted Plugin Scripts Weaponized in Admin-Aware WordPress Supply-Chain Hit

Tampered JavaScript served from PushEngage, OptinMonster and TrustPulse fingerprinted logged-in admins before silently provisioning rogue accounts and a stealth plugin.

3 min
Vulnerabilities

Everest Forms Pro RCE Under Active Exploitation on WordPress Sites

CVE-2026-3300 carries a 9.8 CVSS. Attackers are using it to take over sites running unpatched versions of the premium form-builder plugin.

3 min
Vulnerabilities

Privilege Escalation Attacks Hit Kirki and Burst Statistics WordPress Plugins

Threat actors are actively exploiting flaws in two widely-used WordPress plugins to grab admin access and seize site control.

2 min
Vulnerabilities

Unauthenticated Admin-Account Bug in WP Maps Pro Draws Active Exploitation

CVE-2026-8732 lets attackers create administrator accounts without credentials — and exploitation is already underway against live WordPress installations.

2 min
Vulnerabilities

Attackers Hammer WP Maps Pro Flaw to Mint Admin Accounts on WordPress Sites

A critical bug in the 15,000-install Envato plugin is being weaponized in the wild to seed rogue administrators.

3 min
© 2026 Threat Vectr