WordPress News Articles
Recent news articles referencing the vendor's vulnerabilities.
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
1 day ago
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website.
2 weeks ago
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting CVE-2026-3300, a critical RCE vulnerability (CVSS 9.8) in the Everest Forms Pro WordPress plugin (4,000+ installs).
2 weeks ago
Critical Kirki flaw exploited to hijack WordPress admin accounts
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.
3 weeks ago
Critical WordPress Plugin Flaw Exposes 15,000 Sites to Instant Admin Takeover
A critical unauthenticated admin account creation flaw in WP Maps Pro (CVE-2026-8732) has triggered over 3,600 exploitation attempts in a single day across 15,000+ sites. The bug in the plugin's temporary access feature allows instant site takeover via a publicly exposed AJAX action. Updates and use...
3 weeks ago
WP Maps Pro WordPress flaw exploited to create admin accounts
CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.
3 weeks ago
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites - IT Security News
The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek. This article has been indexed from SecurityWeek.
3 weeks ago
CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password - IT Security News
CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create WordPress admin accounts. 2,858 attacks blocked in 24 hours. WP Maps Pro plugin allows WordPress site owners to embed Google Maps and OpenStreetMap with markers, listings, and location search. It’s a…
3 weeks ago
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
CVE-2026-8732 lets attackers create admin accounts in WP Maps Pro; 2,858 attacks hit vulnerable sites in 24 hours, risking takeover.
3 weeks ago
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication.
3 weeks ago
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites.
ACF Plugin Vulnerability Exposes 50,000 WordPress Sites to Hackers
Critical ACF plugin flaw exposes 50,000 WordPress sites to hackers gaining full admin access - discover how to protect your website now.
CVE-2025-14533: Critical WordPress Plugin Lapse Puts Over 100,000 Sites at Risk
A critical flaw in the ACF Extended WordPress plugin could give hackers full admin access to over 100,000 sites, prompting urgent patch warnings.
ACF plugin bug gives hackers admin on 50,000 WordPress sites
A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions.
WordPress Plugin Vulnerability Exposes 100,000+ Sites to Privilege Escalation Attacks
A critical flaw in the ACF Extended WordPress plugin lets unauthenticated attackers gain admin access on 100,000+ sites.
Three Patches, Zero Fix: WordPress Cache Plugin's Persistent RCE Nightmare
W3 Total Cache RCE flaw bypassed in versions 2.8.13-2.8.15, putting 1M+ WordPress sites at risk despite vendor patches.
Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process.
PoC released for W3 Total Cache Vulnerability that Exposes 1+ Million Websites to RCE Attacks
A proof-of-concept exploit released for an unauthenticated command-injection flaw affecting W3 Total Cache puts many websites at high risk.
PoC Released for W3 Total Cache RCE Vulnerability Exposing 1+ Million Websites
The vulnerability stems from an unauthenticated command injection flaw in W3 Total Cache's page-caching mechanism.
PoC Published for W3 Total Cache Flaw Exposing 1M+ Sites to RCE
A PoC exploit has been published for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress's most popular caching plugins.
WordPress Plugin Flaw Exposes Millions to Cyber Threats
Urgent warning for WordPress users: a plugin flaw threatens millions with cyberattacks. Discover how to protect your site from this critical vulnerability now.
Critical vulnerability in the WordPress plugin W3 Total Cache. 430,000 sites at risk!
A critical vulnerability has been discovered in the WordPress plugin W3 Total Cache that allows the execution of arbitrary PHP commands. An urgent update is recommended.
W3 Total Cache Plugin Exposes Critical PHP Injection Flaw
Critical security alert: W3 Total Cache WordPress plugin exposes PHP command injection vulnerability risking your site’s safety. Act now to protect your data.