wordpress Archives

Hackers Exploit Gravity SMTP WordPress Plugin Vulnerability

John Kevin Hao | June 21, 2026 | Cyber threats and incidents, vulnerability, wordpress

What happened Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is installed on more than 100,000 WordPress sites. The vulnerability, tracked as ...

CISO Whisperer

BuddyBoss Platform Compromised as Hundreds of Websites Are Hacked

Evan Rowe | March 25, 2026 | BuddyBoss, Cyber threats and incidents, cyberattack, wordpress

What happened BuddyBoss platform compromised as hundreds of websites were hacked in an ongoing supply chain attack targeting the BuddyBoss ecosystem. Cybernews said malicious changes were uploaded to BuddyBoss update servers, where ...

CISO Whisperer

Survey Surfaces Raft of WordPress Cybersecurity Concerns

Michael Vizard | September 3, 2025 | AI, CMS, Cybersecurity, wordpress

A survey of 264 professionals that maintain websites based on the WordPress content management system (CMS) finds 96% have been impacted by at least one security incident/event, with just under two-thirds of ...

Security Boulevard

plugin, WordPress, platforms, products, Security of the WordPress Platform

WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps

Nathan Eddy | January 6, 2025 | Phishing, plugin, wordpress

A WordPress plugin known as PhishWP, has been discovered on Russian cybercrime forums and is being exploited by cybercriminals to steal sensitive data from unsuspecting users. ...

Security Boulevard

Microsoft Windows malware software supply chain

Hacker Uses Info-Stealer Against Security Pros, Other Bad Actors

Jeffrey Burt | December 13, 2024 | cybersecurity professionals, Datadog, Information stealing malware, wordpress

An unknown hacker called MUT-1244 used information-stealing malware to not only grab sensitive data from cybersecurity professionals but also to steal WordPress credentials from other bad actors who had bought them on ...

Security Boulevard

The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks

In episode 336 of the Shared Security Podcast, we discuss the Biden administration’s recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We ...

Shared Security Podcast

A flock of ostriches (or is it a troop?)

WordPress Plugin Supply Chain Attack Gets Worse

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) ...

Security Boulevard

Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin

Gabi Stapel | February 28, 2024 | CVE, Imperva Threat Research, vulnerability, wordpress

A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and ...

Blog

Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder

Gabi Stapel | February 22, 2024 | Bricks Builder, CVE-2024-25600, imperva, Imperva Threat Research, vulnerability, wordpress

A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a ...

Blog

Code Execution Update: Improve WordPress Security

Wajahat Raja | December 18, 2023 | code execution, Cyber Threats, Cybersecurity, Cybersecurity News, digital security, exploitation, PHP Object Injection, Remote Code Execution, Security Advisory, security patch, threat actors, vulnerability, Website Security, wordpress, WordPress 6.4.2, WordPress Security Best Practices, WordPress update

In the ever-evolving landscape of digital security, WordPress has recently released a critical code execution update, version 6.4.2, addressing a potential threat that could jeopardize the integrity of vulnerable sites. This update, ...

TuxCare

wordpress

Hackers Exploit Gravity SMTP WordPress Plugin Vulnerability

BuddyBoss Platform Compromised as Hundreds of Websites Are Hacked

Survey Surfaces Raft of WordPress Cybersecurity Concerns

WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps

Hacker Uses Info-Stealer Against Security Pros, Other Bad Actors

The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks

WordPress Plugin Supply Chain Attack Gets Worse

Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin

Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder

Code Execution Update: Improve WordPress Security

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On