WordPress Sites Targeted via Kirki and Burst Statistics Vulnerabilities
Attackers are exploiting unauthenticated stored XSS in Kirki and Burst Statistics plugins to achieve privilege escalation and website takeover.
CVE-2026-8732: WP Maps Pro Admin Creation Vulnerability Exploited
Critical vulnerability [CVE-2026-8732] in WP Maps Pro allows unauthenticated attackers to create admin accounts, leading to WordPress site takeovers. Patch immediately.
WordPress Sites Targeted by Malware Using Steam Profile Dead-Drops
Over 2,000 WordPress sites compromised in a campaign hiding C2 resolution data within Steam Community profiles. Technical breakdown of the evasion tactics.
CVE-2024-10642: WP Maps Pro Exploited to Create WordPress Admin Accounts
Attackers are exploiting a critical privilege escalation flaw in the WP Maps Pro WordPress plugin to create rogue admin accounts without authentication.

Funnel Builder Plugin Exploited for WooCommerce Checkout Skimming
Attackers are exploiting a vulnerability in the Funnel Builder WordPress plugin to inject skimming scripts and steal payment data from WooCommerce sites.
Funnel Builder WordPress Plugin Exploited for Credit Card Skimming
Critical vulnerability in Funnel Builder WordPress plugin actively exploited to inject credit card skimming JavaScript into WooCommerce checkout pages.
WordPress Quick Page/Post Redirect Backdoor: Arbitrary Code Injection
A dormant backdoor in the Quick Page/Post Redirect WordPress plugin allowed arbitrary code injection for five years on over 70,000 sites. Learn mitigation.
CVE-2024-52317: Critical File Upload Bug in Breeze Cache — Patch Now
Attackers are actively exploiting a critical unauthenticated file upload vulnerability (CVE-2024-52317) in the Breeze Cache WordPress plugin.
Critical RCE Threats: Confluence OGNL & Exchange Server Patching
Runtime Rebel analyzes critical RCE vulnerabilities affecting Atlassian Confluence and Microsoft Exchange Server, alongside a high-severity SQLi in WP Reset.
Smart Slider 3 Vulnerability: Patch CVE-2024-11116 File Read Flaw
A file read vulnerability in Smart Slider 3 affects over 800,000 WordPress sites. Authenticated users can access sensitive server files via CVE-2024-11116.
Elementor Ally Plugin SQLi: Unauthenticated Data Theft Risk
An unauthenticated SQL injection vulnerability in the Elementor Ally WordPress plugin affects over 400,000 sites, risking sensitive data exposure.
WordPress User Registration & Membership Plugin: Admin Account Exploit
Critical vulnerability in WordPress User Registration & Membership plugin actively exploited to create unauthorized admin accounts. Immediate update or removal is