King Addons for Elementor plugin (10,000+ sites) has two critical unauthenticated vulnerabilities enabling full site takeover. CVE-2025-6327: arbitrary file upload via exposed AJAX handler—attackers c…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
#wordpress #elementor #rce #privilege-escalation #file-upload #cve-2025-6327 #cve-2025-6325
A critical vulnerability in the WP Freeio plugin, used for job board sites, is being actively exploited. The flaw allows unauthenticated attackers to execute arbitrary code or escalate privileges. Sec…
Category: Advisories / WordPress / Plugins
#wordpress #plugin #wp-freeio #vulnerability #exploit
A widespread exploitation campaign targets WordPress websites running outdated GutenKit and Hunk Companion plugins, leveraging CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972 to achieve remote code e…
Category: Threats / Web Security / CMS Exploits
#wordpress #rce #cms #cve #mass-attack
A sophisticated malware campaign has been detected targeting WordPress sites using PHP variable functions and cookie-based obfuscation. The malware fragments code across cookies, reconstructing execut…
Category: Threats / Web Security / Malware
#malware #php #obfuscation #wordpress #cookies
Wordfence details multiple PHP malware samples that abuse variable functions and cookie checks to obfuscate execution and bypass signature-based detection. By reconstructing function names at runtime …
Category: Threat Alerts / Malware & Ransomware / Malware & Ransomware
#malware #php #obfuscation #wordpress