Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed ...
More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. A web developer discovered dozens of malicious ...
An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...
A hot potato: WordPress plugins can significantly expand the native capabilities of the popular content management system, but they can also become a double edged sword. When malicious code finds its ...
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. A malicious actor planted the backdoor ...
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Malicious actor bought 31 WordPress plugins from Essential Plugin Updates injected backdoors, ...
Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on ...
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. Identified as ...
A tainted version was pushed as an update to more than 800,000 active websites.
More than 30 popular WordPress plugins were removed after investigators found backdoors inserted by a new owner following a business sale. The malicious code remained dormant for months before being ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results