Advertisement
WordPress Formidable Forms Abused to Distribute Malicious PDF Files
Attackers are leveraging the WordPress Formidable Forms plugin to host malicious PDF documents, bypassing security filters to deliver phishing and malware.

ShapedPlugin Supply Chain Attack: WordPress Pro Plugins Backdoored
Attackers compromised ShapedPlugin's distribution pipeline to inject backdoors into Pro WordPress plugins. Learn how to detect and remediate this supply chain threat.
Gravity SMTP Flaw Exploited: WordPress Data Harvest & Remediation
Attackers are actively exploiting a flaw in the Gravity SMTP WordPress plugin to exfiltrate sensitive data, including API keys and server info. Immediate patching is

CVE-2026-4020: Gravity SMTP Exploit Exposes WordPress API Keys
Unauthenticated attackers are exploiting CVE-2026-4020 in the Gravity SMTP WordPress plugin to extract API keys, secrets, and OAuth tokens from 100,000 sites.
CVE-2024-49403: Gravity SMTP Information Disclosure Patch Guidance
Exploitation of CVE-2024-49403 in the Gravity SMTP WordPress plugin allows unauthenticated actors to steal SMTP credentials. Learn how to secure your site now.
OptinMonster 2.6.5 Update: Managing CDN Supply Chain Attack Risks
Learn how the OptinMonster CDN supply chain attack compromised over 1 million WordPress sites and how to mitigate the risk of malicious script injection.
CVE-2024-3300: Critical Everest Forms Pro Bypass Leads to Site Takeover
Hackers are actively exploiting an authentication bypass in the Everest Forms Pro WordPress plugin (CVE-2024-3300). Update immediately to prevent takeover.
WordPress Sites Targeted via Kirki and Burst Statistics Vulnerabilities
Attackers are exploiting unauthenticated stored XSS in Kirki and Burst Statistics plugins to achieve privilege escalation and website takeover.
CVE-2026-8732: WP Maps Pro Admin Creation Vulnerability Exploited
Critical vulnerability [CVE-2026-8732] in WP Maps Pro allows unauthenticated attackers to create admin accounts, leading to WordPress site takeovers. Patch immediately.
WordPress Sites Targeted by Malware Using Steam Profile Dead-Drops
Over 2,000 WordPress sites compromised in a campaign hiding C2 resolution data within Steam Community profiles. Technical breakdown of the evasion tactics.
CVE-2024-10642: WP Maps Pro Exploited to Create WordPress Admin Accounts
Attackers are exploiting a critical privilege escalation flaw in the WP Maps Pro WordPress plugin to create rogue admin accounts without authentication.

Funnel Builder Plugin Exploited for WooCommerce Checkout Skimming
Attackers are exploiting a vulnerability in the Funnel Builder WordPress plugin to inject skimming scripts and steal payment data from WooCommerce sites.