Hackers Exploit Gravity SMTP Plugin Bug on 100,000 WordPress Sites
A critical bug in the Gravity SMTP plugin is being exploited by hackers on over 100,000 WordPress sites, putting sensitive information at risk. Update to version 2.1.5 or later to patch the vulnerability.
#Wordpress #Smtp #GravitySmtp #Cve20264020 #PluginVulnerability
Hackers Exploit Everest Forms Pro Flaw to Hijack WordPress Sites
More than 29,300 attempted hacks have been blocked by Wordfence, revealing a surge in automated attacks exploiting a critical flaw in the Everest Forms Pro plugin, tracked as CVE-2026-3300. This alarming number highlights the urgent need for WordPress site owners to safeguard against this vulnerability.
#Cve20263300 #Wordpress #EverestFormsPro #PluginVulnerability #MalwareOperations
Hackers Exploit Everest Forms Pro Flaw to Compromise WordPress Sites
A critical vulnerability in Everest Forms Pro, affecting over 4,000 active WordPress installations, has been exploited by hackers to gain remote code execution, allowing them to take control of sites without authorization. A patch has been released, but sites remain at risk if not updated to version 1.9.13 or later.
#RemoteCodeExecution #Cve20263300 #EverestFormsPro #Wordpress #PluginVulnerability
Everest Forms Pro Flaw Exploited for Remote Code Execution
A critical flaw in the Everest Forms Pro WordPress plugin, CVE-2026-3300, has been exploited over 29,300 times, allowing attackers to execute remote code on vulnerable sites. This vulnerability was caused by a simple calculation feature that was not properly sanitized, leaving sites open to unauthenticated attacks.
#RemoteCodeExecution #Cve20263300 #Wordpress #EverestFormsPro #PluginVulnerability
WP Maps Pro Flaw Exploited to Create Admin Accounts
A critical vulnerability in the popular WP Maps Pro plugin, used by over 15,000 WordPress sites, has been exploited to create admin accounts, putting countless websites at risk of complete takeover. This high-severity flaw, tracked as CVE-2026-8732, allows attackers to escalate privileges and gain unrestricted access.
#Wordpress #WpMapsPro #Cve20268732 #PrivilegeEscalation #PluginVulnerability
Hackers Exploit WP Maps Pro Bug to Hijack WordPress Sites
In just 24 hours, over 3,600 hacking attempts were made to exploit a critical flaw in the WP Maps Pro plugin, allowing attackers to create admin accounts and log in without a password. This vulnerability, affecting version 6.1.0 and older, puts countless WordPress sites at risk.
#Wordpress #WpMapsPro #Cve20268732 #PluginVulnerability #EmergingThreats
LiteSpeed Plugin Flaw Exploited to Run Scripts as Root
A critical flaw in the LiteSpeed plugin, CVE-2026-48172, is being actively exploited to give cPanel users unlimited power, allowing them to run scripts as root. This severe vulnerability, rated 10.0 on the CVSS scale, puts your online security at risk and demands immediate attention.
#Cve202648172 #Litespeed #PluginVulnerability #Cpanel #EmergingThreats
Hackers exploit auth flaw in Burst Statistics WordPress plugin
A critical bug in the Burst Statistics WordPress plugin, affecting 200,000 sites, allows hackers to impersonate administrators and gain unauthorized access. This alarming vulnerability, already showing signs of exploitation, puts countless websites at risk.
#Wordpress #Cve20268181 #AuthenticationBypass #Vulnerability #PluginVulnerability
Checkmarx Plugin Sabotaged in Fresh TeamPCP Intrusion
Checkmarx issued a warning on May 9, 2026, that a tampered version of its Jenkins AST plugin had been released on the Jenkins Marketplace, posing a risk to continuous-integration pipelines. The company quickly responded by urging customers to update to a trusted version, 2.0.13-829.vc72453fa_1c16, to safeguard their systems.
#Jenkins #Checkmarx #SupplyChain #PluginVulnerability #EmergingThreats
WordPress Plugin Exposes 70,000 Sites to Backdoor Vulnerability
A shocking security vulnerability has been uncovered in a popular WordPress plugin, leaving over 70,000 sites open to backdoor attacks that can inject malicious code on demand. The issue was discovered in the Quick Page/Post Redirect plugin, which was infected with a hidden backdoor five years ago.
#Wordpress #BackdoorVulnerability #PluginVulnerability #EmergingThreats #WebApplicationSecurity
Analyst207
