Skip to main content
← All Articles

Tag

#WordPress

19 articles

Advertisement

TH
MEDIUM
Threat Intel

WordPress Formidable Forms Abused to Distribute Malicious PDF Files

Attackers are leveraging the WordPress Formidable Forms plugin to host malicious PDF documents, bypassing security filters to deliver phishing and malware.

Runtime Rebel Intel
4 min read·Jun 29, 2026
ShapedPlugin Supply Chain Attack: WordPress Pro Plugins Backdoored
HIGH
Supply Chain

ShapedPlugin Supply Chain Attack: WordPress Pro Plugins Backdoored

Attackers compromised ShapedPlugin's distribution pipeline to inject backdoors into Pro WordPress plugins. Learn how to detect and remediate this supply chain threat.

Runtime Rebel Intel
4 min read·Jun 23, 2026
VU
HIGH
Vulnerabilities

Gravity SMTP Flaw Exploited: WordPress Data Harvest & Remediation

Attackers are actively exploiting a flaw in the Gravity SMTP WordPress plugin to exfiltrate sensitive data, including API keys and server info. Immediate patching is

Runtime Rebel Intel
4 min read·Jun 22, 2026
CVE-2026-4020: Gravity SMTP Exploit Exposes WordPress API Keys
MEDIUM
Vulnerabilities

CVE-2026-4020: Gravity SMTP Exploit Exposes WordPress API Keys

Unauthenticated attackers are exploiting CVE-2026-4020 in the Gravity SMTP WordPress plugin to extract API keys, secrets, and OAuth tokens from 100,000 sites.

Runtime Rebel Intel
3 min read·Jun 20, 2026
VU
HIGH
Vulnerabilities

CVE-2024-49403: Gravity SMTP Information Disclosure Patch Guidance

Exploitation of CVE-2024-49403 in the Gravity SMTP WordPress plugin allows unauthenticated actors to steal SMTP credentials. Learn how to secure your site now.

Runtime Rebel Intel
3 min read·Jun 20, 2026
SU
HIGH
Supply Chain

OptinMonster 2.6.5 Update: Managing CDN Supply Chain Attack Risks

Learn how the OptinMonster CDN supply chain attack compromised over 1 million WordPress sites and how to mitigate the risk of malicious script injection.

Runtime Rebel Intel
3 min read·Jun 15, 2026
VU
CRITICAL
Vulnerabilities

CVE-2024-3300: Critical Everest Forms Pro Bypass Leads to Site Takeover

Hackers are actively exploiting an authentication bypass in the Everest Forms Pro WordPress plugin (CVE-2024-3300). Update immediately to prevent takeover.

Runtime Rebel Intel
4 min read·Jun 6, 2026
VU
HIGH
Vulnerabilities

WordPress Sites Targeted via Kirki and Burst Statistics Vulnerabilities

Attackers are exploiting unauthenticated stored XSS in Kirki and Burst Statistics plugins to achieve privilege escalation and website takeover.

Runtime Rebel Intel
3 min read·Jun 3, 2026
VU
CRITICAL
Vulnerabilities

CVE-2026-8732: WP Maps Pro Admin Creation Vulnerability Exploited

Critical vulnerability [CVE-2026-8732] in WP Maps Pro allows unauthenticated attackers to create admin accounts, leading to WordPress site takeovers. Patch immediately.

Runtime Rebel Intel
4 min read·Jun 1, 2026
TH
HIGH
Threat Intel

WordPress Sites Targeted by Malware Using Steam Profile Dead-Drops

Over 2,000 WordPress sites compromised in a campaign hiding C2 resolution data within Steam Community profiles. Technical breakdown of the evasion tactics.

Runtime Rebel Intel
4 min read·Jun 1, 2026
VU
CRITICAL
Vulnerabilities

CVE-2024-10642: WP Maps Pro Exploited to Create WordPress Admin Accounts

Attackers are exploiting a critical privilege escalation flaw in the WP Maps Pro WordPress plugin to create rogue admin accounts without authentication.

Runtime Rebel Intel
3 min read·May 31, 2026
Funnel Builder Plugin Exploited for WooCommerce Checkout Skimming
CRITICAL
Vulnerabilities

Funnel Builder Plugin Exploited for WooCommerce Checkout Skimming

Attackers are exploiting a vulnerability in the Funnel Builder WordPress plugin to inject skimming scripts and steal payment data from WooCommerce sites.

Runtime Rebel Intel
3 min read·May 16, 2026