CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...

‘EtherHiding’: Nation-state and cybercriminal groups are leveraging smart contracts as command-and-control servers for deliveing malicious payloads hidden on blockchains. Nation-state threat actors ...

Audit strings in a project. wp i18n audit <source> [--slug=<slug>] [--domain=<domain>] [--ignore-domain] [--include=<paths>] [--exclude=<paths>] [--skip-js] [--skip ...

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting ...

We are a weekly podcast and newsletter made to deliver quick and relevant JavaScript updates in just under 4 minutes. We are a weekly podcast and newsletter made to deliver quick and relevant ...

In a nutshell: JavaScript is about to become a matter of legal proceedings between competing parties. Oracle claims ownership of the trademark, but the company will now have to defend its questionable ...

Cybersecurity researchers have spotted a massive campaign targeting WordPress websites for use in pushing malicious plugins. Threat actors turned over 6,000 WordPress ...

WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. Over the past couple of years, information-stealing ...

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The ...