Public exploit code has been released for the **"wp2shell" remote code execution vulnerabilities** in WordPress Core, according to [BleepingComputer](https://www.bleepingcomputer.com/news/security/wor
A critical unauthenticated remote code execution vulnerability — tracked as **wp2shell** — was disclosed in WordPress core this week, affecting every site running WordPress 6.9 or 7.0. According to [T
A cybercrime crew running an operation now dubbed **WP-SHELLSTORM** made a costly mistake: they left their own command-and-control server exposed on the public internet for three weeks. Researchers wh
Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the **Gravity SMTP** WordPress plugin, which is installed on approximately 100,000 sites, according to
Attackers have compromised ShapedPlugin's plugin update delivery infrastructure, pushing malware-laced releases directly to WordPress sites through the vendor's own official update system. [Multiple S
Three widely-deployed WordPress plugins — **PushEngage**, **OptinMonster**, and **TrustPulse** — had their JavaScript assets silently tampered with by an attacker, turning trusted plugin files into a
Active exploitation of a critical WordPress plugin, White House AI policy upheaval, and Python's JIT compiler hitting an unexpected governance stop made for a dense Friday in tech.
Threat actors are actively exploiting [CVE-2026-3300](https://thehackernews.com/2026/06/hackers-exploit-critical-everest-forms.html), a critical remote code execution vulnerability in **Everest Forms
Attackers are actively exploiting a critical privilege escalation vulnerability in the Kirki Customizer Framework plugin for WordPress, using it to silently promote themselves to administrator on any
Threat actors are actively exploiting a critical vulnerability in **WP Maps Pro**, a commercial WordPress plugin with over 15,000 sales on Envato Market, to register unauthorized administrator account
Threat actors are actively exploiting a critical authentication bypass vulnerability in **WP Maps Pro**, a commercial WordPress plugin used to embed interactive maps. The flaw lets unauthenticated rem