News

The Hacker News5h
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Critical WordPress flaw CVE-2025-5394 lets attackers take over sites using the "Alone" theme. 120K+ attempts blocked.
Hackers actively exploit critical RCE in WordPress Alone theme
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme ...
Dangerous WordPress plugin puts over 160,000 sites at risk - here's what we know
Looking at the download statistics on WordPress.org, 59.8% of all Post SMTP installations are running versions 3.1 and newer, meaning 40.2% of sites are still vulnerable. Since the plugin has more ...
Bleeping Computer2mon
Premium WordPress 'Motors' theme vulnerable to admin takeover attacks
StylemixThemes released Motors version 5.6.68, which addresses CVE-2025-4322 on May 14, 2025.
Infosecurity Magazine2d
Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable
More than 10,000 WordPress sites have been left vulnerable to full site takeover due to three critical security flaws ...
The Hacker News7d
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access
Malware hidden in WordPress mu-plugins grants attackers full access and admin control, putting websites and users at serious ...