WordPress
- Critical Modular DS WordPress plugin flaw exploited in the wild
  A CVE-2026-23550 privilege escalation in the Modular DS WordPress plugin is being exploited in the wild. The flaw is patched in version 2.5.2. Update immediately and check for unexpected admin users or malicious changes.
- Critical Sneeit WordPress plugin RCE actively exploited, security firm reports
  A critical remote code execution flaw (CVE-2025-6389) in the Sneeit Framework WordPress plugin is being exploited in the wild; Wordfence said attackers have created admin accounts and uploaded web shells. The issue affects versions up to 8.3 and was fixed in 8.4. Separately, VulnCheck observed an ICTBroadcast exploit delivering a DDoS botnet called “frost.”
- Critical privilege-escalation flaw in King Addons plugin under active exploitation
  A high-severity privilege-escalation vulnerability (CVE-2025-8489, CVSS 9.8) in the King Addons for Elementor WordPress plugin is being actively exploited; administrators should update to version 51.1.35, audit for suspicious admin users, and monitor for unusual activity.
- Critical command injection flaw found in W3 Total Cache WordPress plugin
  A critical unauthenticated command injection in the W3 Total Cache WordPress plugin (CVE-2025-9501) can allow PHP code execution via a malicious comment. The developer issued a patch in version 2.8.13 on Oct. 20, but hundreds of thousands of sites may still be unpatched; WPScan plans to publish a proof-of-concept on Nov. 24.
- Mass attacks exploit outdated GutenKit and Hunk Companion WordPress plugins
  A mass exploitation campaign is targeting WordPress sites running outdated GutenKit and Hunk Companion plugins, leveraging three critical vulnerabilities that can lead to remote code execution; Wordfence said it blocked 8.7 million attack attempts over two days and urged administrators to update plugins and check for indicators of compromise.
- Attackers exploiting critical auth-bypass flaw in Service Finder WordPress theme
  Security researchers at Wordfence say attackers are actively exploiting CVE-2025-5947, a critical authentication-bypass flaw in the Service Finder WordPress theme that can give attackers administrator access; a patch was released in version 6.1 and administrators are urged to update or stop using the theme.
- Researchers say Chinese-speaking group UAT-8099 uses IIS servers for global SEO fraud
  Researchers say a Chinese-speaking group dubbed UAT-8099 has been exploiting Microsoft IIS servers to run SEO fraud and steal credentials and certificate data, using web shells, Cobalt Strike and a modified BadIIS backdoor across targets in Asia and the Americas.










