News

The Hacker News1d

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Critical WordPress flaw CVE-2025-5394 lets attackers take over sites using the "Alone" theme. 120K+ attempts blocked.

Hackers target critical WordPress theme flaw - hundreds of sites at risk from potential takeover, find out if you're affected

All versions up to 7.8.3 contained a vulnerability that allowed threat actors to upload arbitrary files, including malware ...

Hackers actively exploit critical RCE in WordPress Alone theme

Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme ...

Dangerous WordPress plugin puts over 160,000 sites at risk - here's what we know

Looking at the download statistics on WordPress.org, 59.8% of all Post SMTP installations are running versions 3.1 and newer, meaning 40.2% of sites are still vulnerable. Since the plugin has more ...
Infosecurity Magazine4d

Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable

More than 10,000 WordPress sites have been left vulnerable to full site takeover due to three critical security flaws discovered in the HT Contact Form Widget for Elementor Page Builder & Gutenberg ...