Wordfence

Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)

May 21, 2025

A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated …

Compromised plugins found on WordPress.org

June 26, 2024

An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them …

Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount

October 14, 2022

Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet‘s firewalls and secure web gateways, …

GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed

November 23, 2021

GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. What …

Attackers tried to grab WordPress configuration files from over a million sites

June 5, 2020

A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month), tried to grab …

Nearly a million WordPress sites targeted in extensive attacks

May 6, 2020

A threat actor is actively trying to insert a backdoor into and compromise WordPress-based sites to redirect visitors to malvertising. “While our records show that this …

Attackers are exploiting vulnerable WP plugins to backdoor sites

September 3, 2019

A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the …