top of page
ALL POSTS
Global SocGholish Takedown: Nearly 15,000 WordPress Sites Cleaned in Major Operation
Key Findings Operation EndGame, a coordinated international law enforcement action, dismantled SocGholish infrastructure on June 18, 2026 106 servers and domains taken down globally; 14,971 compromised WordPress sites remediated Law enforcement from Netherlands, Canada, United States, and Germany executed the coordinated takedown with support from Europol SocGholish serves as initial access broker for major ransomware families including LockBit, RansomHub, and WastedLocker Be
Jun 193 min read
Critical WordPress Vulnerabilities: Valve Platform and Forms Plugin Exploited for Web Shell Distribution
Key Findings Gaming platform profiles weaponized to distribute WordPress web shells via invisible Unicode steganography Nearly 2,000 websites compromised through Steam profile command injection technique Critical Everest Forms Pro vulnerability (CVE-2026-3300, CVSS 9.8) actively exploited to create rogue admin accounts Attackers using cookie-authenticated backdoors to maintain persistent access and rewrite code remotely Over 17,900 exploit attempts blocked in single day as at
Jun 43 min read
WordPress Malware Hides C2 Instructions in Steam Profile Comments
Key Findings New malware campaign discovered on approximately 1,980 WordPress sites using Steam Community profile comments to store encoded command-and-control instructions Malware uses invisible Unicode characters hidden within visible Steam profile comments to deliver payloads, making detection difficult Infected sites load external malicious JavaScript and contain a server-side backdoor capable of modifying PHP files for persistent access Campaign first detected in July 20
Jun 23 min read
CVE-2026-8732: WP Maps Pro Vulnerability Allows Unauthorized WordPress Admin Account Creation Without Password
Key Findings CVE-2026-8732 in WP Maps Pro allows unauthenticated attackers to create WordPress administrator accounts remotely CVSS score of 9.8 indicates critical severity Over 2,858 attacks blocked in 24 hours, indicating active mass exploitation Affects all versions through 6.1.0; patched in version 6.1.1 released May 20, 2026 Plugin installed on 15,000+ WordPress sites according to Envato Market sales data Exploitation began before most site owners had time to patch after
Jun 13 min read
Over 400,000 WordPress Sites Vulnerable to Breeze Cache Plugin Exploit (CVE-2026-3844)
Key Findings Critical vulnerability (CVE-2026-3844, CVSS 9.8) in Breeze Cache WordPress plugin allows unauthenticated file uploads Over 400,000 websites currently affected by the flaw Wordfence detected 170+ active attacks, with 3,936 blocked in 24 hours alone Vulnerability requires "Host Files Locally – Gravatars" option to be enabled, which is disabled by default Affects all versions up to 2.4.4; patch available in version 2.4.5 Background Breeze Cache is a popular free Wor
Apr 262 min read
Devastating WordPress Vulnerability (CVE-2025-6389) Enables Unauthenticated Remote Code Execution
Key Findings A critical Remote Code Execution (RCE) vulnerability has been discovered in the Sneeit Framework, a core plugin bundled with multiple premium WordPress themes. The vulnerability (CVE-2025-6389) allows unauthenticated users to take complete control of a server. Threat actors started exploiting the issue on the same day it was publicly disclosed on November 24th, 2025. The Wordfence Firewall has already blocked over 131,000 exploit attempts targeting this vulnerabi
Dec 4, 20251 min read
WordPress King Addons Plugin Vulnerability Allows Admin Takeover
Key Findings A critical vulnerability, CVE-2025-8489 (CVSS score of 9.8), has been discovered in the WordPress plugin King Addons for Elementor. The flaw allows unauthenticated users to register and instantly gain admin privileges on WordPress sites. Threat actors are actively exploiting the vulnerability, with the Wordfence Firewall blocking over 48,400 exploit attempts since the issue was disclosed. The vulnerability is a privilege escalation issue in versions 24.12.92 to 5
Dec 3, 20251 min read
bottom of page
