Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

WordPress

20 articles

Wordfence Blog Vulnerability Disclosure WordPress Jun 17

Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin

On March 30th, 2026, we publicly disclosed a Sensitive Information Exposure vulnerability in Gravity SMTP, a WordPress plugin with an estimated 100,000 activ...

Wordfence Blog →

GBHackers Malware WordPress Jun 16

Hackers Abuse Compromised WordPress Sites to Deliver GULoader Through EtherHiding Chain

In April 2026, incident responders traced a sophisticated intrusion that abused compromised WordPress sites to deliver GULoader via an EtherHiding → ClickFix...

GBHackers →

BleepingComputer General WordPress Jun 15

OptinMonster WordPress plugin hacked in CDN supply-chain attack

WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive-s content distribution net...

BleepingComputer →

Infosecurity Magazine General WordPress Jun 15

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors

Tampered OptinMonster and sister plugins plant hidden backdoors on 1.

Infosecurity Magazine →

Wordfence Blog Vulnerability Disclosure WordPress Jun 10

Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin

On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more t...

T1556

Wordfence Blog →

Security Affairs CVE WordPress Jun 8

Everest Forms Pro WordPress Flaw is Handing Attackers Admin Access

Hackers exploit CVE-2026-3300 in Everest Forms Pro to inject PHP via form fields, creating rogue admin accounts. 29,300 attempts blocked.

1 IOC

Security Affairs →

SecurityWeek Vulnerability Disclosure WordPress Jun 8

Everest Forms Vulnerability Exploited to Hack WordPress Sites

The flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months. The post Everest Forms Vulnerability Exploite...

SecurityWeek →

Security Affairs Campaigns WordPress Jun 7

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 100

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malw...

Security Affairs →

BleepingComputer CVE WordPress Jun 6

Critical Everest Forms Pro flaw exploited to take over WordPress sites

Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPres...

1 IOC

BleepingComputer →

The Hacker News CVE WordPress Jun 5

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arb...

T1190 1 IOC

The Hacker News →

Exploit Database Vulnerability Disclosure WordPress Jun 5

[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

WordPress Contest Gallery 28.1.

Exploit Database →

Infosecurity Magazine Vulnerability Disclosure WordPress Jun 4

Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites

Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts

T1190

Infosecurity Magazine →

SC Media Vulnerability Disclosure WordPress Jun 4

WordPress Kirki plugin vulnerability allows account takeover

The vulnerability, present in Kirki versions 6.0.

SC Media →

Wordfence Blog Vulnerability Disclosure WordPress Jun 3

Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin

On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 ac...

T1190

Wordfence Blog →

GBHackers CVE WordPress Jun 3

WordPress Plugin Flaw Opens Door to Privilege Escalation Attacks Across 500,000+ Sites

A critical security flaw in the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin is exposing sites to account takeover and privil...

T1548 1 IOC

GBHackers →

BleepingComputer CVE WordPress Jun 2

Critical Kirki flaw exploited to hijack WordPress admin accounts

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, includi...

T1548 1 IOC

BleepingComputer →

HackRead TTPs WordPress Jun 2

New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected.

T1071

HackRead →

Security Affairs TTPs WordPress Jun 2

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure

Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-a...

T1583

Security Affairs →

SC Media Campaigns WordPress Jun 1

Malware hides in Steam comments to infect WordPress sites

The malware campaign, discovered in July 2025, has affected approximately 1,980 WordPress sites.

SC Media →

SecurityWeek CVE WordPress Jun 1

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vu...

1 IOC

SecurityWeek →

«Previous page 1 2 3 4 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA