Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

WordPress

20 articles

The Hacker News Campaigns WordPress 7h ago

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, th...

The Hacker News →

GBHackers Vulnerability Disclosure WordPress 1d ago

Attackers Exploit WordPress Plugin Vulnerabilities for Remote Code Execution and Webshell Access

A large-scale exploitation campaign is actively weaponising known vulnerabilities across multiple content management systems, with WordPress plugins forming ...

T1190

GBHackers →

GBHackers Vulnerability Disclosure WordPress 2d ago

Over 70% of Public WordPress Sites Running Outdated PHP Exposed to Cyberattacks

A new analysis has revealed a significant security gap within the global web ecosystem. Over 70% of publicly accessible WordPress sites are running outdated,...

GBHackers →

Exploit Database General WordPress 2d ago

[webapps] Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure

Atarim WordPress Plugin 4.2.

Exploit Database →

Exploit Database Vulnerability Disclosure WordPress 3d ago

[webapps] WordPress Bricks Builder Theme - RCE

WordPress Bricks Builder Theme - RCE

Exploit Database →

The Hacker News Malware WordPress Jun 22

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official releas...

T1195

The Hacker News →

SC Media Vulnerability Disclosure WordPress Jun 22

WordPress plugin Gravity SMTP exploited for sensitive information disclosure

The vulnerability resides in an exposed REST API endpoint within the Gravity SMTP plugin.

SC Media →

SecurityWeek Vulnerability Disclosure WordPress Jun 22

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. The post Attackers Exploit Gravity SMTP Plugin Fla...

SecurityWeek →

The Hacker News CVE WordPress Jun 20

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnera...

1 IOC

The Hacker News →

BleepingComputer Vulnerability Disclosure WordPress Jun 19

Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin

Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. [.

BleepingComputer →

The Hacker News Campaigns WordPress Jun 19

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites

Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S.

The Hacker News →

Security Affairs Campaigns WordPress Jun 19

14,971 WordPress Sites Cleaned in Global SocGholish Takedown

Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware.

Security Affairs →

GBHackers CVE WordPress Jun 19

Critical WordPress Plugin Bug Could Allow File Deletion Attacks on 1 Million Sites

A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attack...

1 IOC

GBHackers →

SecurityWeek Campaigns WordPress Jun 19

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown 

Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame. The post 15,000 WordPress Websites Cleane...

T1071

SecurityWeek →

SC Media Malware WordPress Jun 18

Law enforcement disrupts SocGholish botnet and Evil Corp servers

Authorities from the Netherlands, Canada, the United States, and Germany removed the SocGholish malware and backdoors from 14,971 compromised WordPress websi...

SC Media →

Wordfence Blog Vulnerability Disclosure WordPress Jun 18

Critical Unauthenticated Arbitrary File Deletion Vulnerability Patched in Avada Builder WordPress Plugin

On May 13th, 2026, we received a submission for a critical Unauthenticated Arbitrary File Deletion vulnerability in Avada Builder, a premium WordPress plugin...

T1190

Wordfence Blog →

BleepingComputer Malware WordPress Jun 18

Police cleans nearly 15,000 malware-infected sites linked to Evil Corp

International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish...

BleepingComputer →

BleepingComputer Supply Chain WordPress Jun 18

ShapedPlugin update flow hacked to infect WordPress sites

Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor'...

T1195

BleepingComputer →

GBHackers CVE WordPress Jun 18

Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data

Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, incl...

1 IOC

GBHackers →

GBHackers Campaigns WordPress Jun 18

Hackers Use AI-Generated YouTube Narrators to Promote Crypto Clipper Malware

A sophisticated social‑engineering campaign is leveraging AI‑generated YouTube narrators, ghost accounts across multiple platforms, and manipulated reputatio...

T1566

GBHackers →

1 2 3 4 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA