ALL POSTS

Key Findings A critical Remote Code Execution (RCE) vulnerability has been discovered in the Sneeit Framework, a core plugin bundled with multiple premium WordPress themes. The vulnerability (CVE-2025-6389) allows unauthenticated users to take complete control of a server. Threat actors started exploiting the issue on the same day it was publicly disclosed on November 24th, 2025. The Wordfence Firewall has already blocked over 131,000 exploit attempts targeting this vulnerabi

Key Findings A critical vulnerability, CVE-2025-8489 (CVSS score of 9.8), has been discovered in the WordPress plugin King Addons for Elementor. The flaw allows unauthenticated users to register and instantly gain admin privileges on WordPress sites. Threat actors are actively exploiting the vulnerability, with the Wordfence Firewall blocking over 48,400 exploit attempts since the issue was disclosed. The vulnerability is a privilege escalation issue in versions 24.12.92 to 5