Latest news
Vulnerability
CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites
4 June 2026 dark6
A critical unauthenticated privilege escalation flaw (CVE-2026-8206, CVSS 9.8) in the Kirki WordPress plugin allows attackers to redirect password reset...
Malware
WordPress Sites Turned Into Spy Networks: Malware Hides C2 Commands in Steam Profile Comments Using Unicode Steganography
3 June 2026 dark6
A sophisticated malware campaign has compromised approximately 1,900 WordPress sites using Steam Community profile pages as a covert C2 channel....
Malware
Supply Chain Attack Backdoors Smart Slider 3 Pro: 800,000+ WordPress Sites at Risk
13 April 2026 dark6
Attackers compromised Nextend's update infrastructure to distribute a weaponized version of Smart Slider 3 Pro (v3.5.1.35) for approximately six hours...
Malware
Stealth malware strikes WordPress via MU-Plugins: a technical deep dive
30 March 2025 securebulletin.com
The Sucuri research team has recently uncovered a concerning trend: threat actors are increasingly leveraging the WordPress mu-plugins directory to...
Vulnerability
Critical Remote Code Execution vulnerability discovered in GiveWP WordPress Plugin (CVE-2025-0912)
5 March 2025 securebulletin.com
A critical security vulnerability, identified as CVE-2025-0912, has been discovered in the GiveWP WordPress donation plugin. This flaw potentially exposes...
Malware
WordPress threats targeting website with credit card skimmer
11 January 2025 securebulletin.com
A new wave of cyber threats has emerged, targeting WordPress websites with a sophisticated credit card skimmer that operates through...