WordPress
(9 articles)June 1, 2026
WP Maps Pro Flaw Exploited to Create Admin Accounts
A critical WP Maps Pro vulnerability is being actively exploited to create unauthorized admin accounts. Learn how it works and how to protect your site now.
May 31, 2026
WP Maps Pro Bug Lets Hackers Create Admin Accounts
CVE-2026-8732 in WP Maps Pro allows unauthenticated admin account creation. Over 3,600 exploits blocked. Patch to version 6.1.1 immediately.
May 15, 2026
Funnel Builder WordPress Plugin Exploited for Card Theft
A critical Funnel Builder WordPress plugin flaw is actively exploited to inject card skimmers on WooCommerce checkouts. Update to 3.15.0.3 now.
May 15, 2026
Avada Builder Flaws Enable WordPress Credential Theft
Two Avada Builder plugin vulnerabilities affect 1M+ WordPress sites, enabling file reads and SQL injection attacks. Learn what's exposed and how to patch now.
April 23, 2026
Breeze Cache WordPress Plugin File Upload Exploit
CVE-2026-3844 lets unauthenticated attackers upload arbitrary files to WordPress sites running Breeze Cache. 170+ exploits logged. Patch now.
April 15, 2026
WordPress EssentialPlugin Suite Hacked to Push Malware
30+ WordPress plugins in the EssentialPlugin package were backdoored to push malware via updates. Here's what happened and how to protect your site.
April 10, 2026
Smart Slider 3 Pro Backdoor via Nextend Server Breach
Attackers distributed a backdoored Smart Slider 3 Pro update through compromised Nextend servers. Here's what WordPress site owners need to check now.
April 9, 2026
Smart Slider 3 Pro Hijacked to Push Backdoored Updates
Smart Slider 3 Pro version 3.5.1.35 was hijacked to push malicious WordPress and Joomla updates with hidden admin accounts and multi-layer backdoors.
April 7, 2026
Ninja Forms File Upload Flaw: CVE-2026-0740
CVE-2026-0740 in Ninja Forms File Upload allows unauthenticated RCE. Over 3,600 attacks blocked in 24 hours. Update to 3.3.27 now.