Bleeping Computer

Zero-Day in WordPress Plugin Exploited to Create Admin Accounts

A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially ...
ZDNet

WordPress sites under attack as hacker group tries to create rogue admin accounts

A hacker group is exploiting vulnerabilities in more than ten WordPress plugins to create rogue admin accounts on WordPress sites across the internet. The attacks are an escalation part of a hacking ...
TechRadar

Sneeit WordPress RCE flaw allows hackers to add themselves as admin - here's how to stay safe

WordFence disclosed critical RCE flaw (CVE-2025-6389) in Sneeit Framework plugin, affecting versions ≤8.3 Exploitation allows attackers to create admin accounts, install malicious plugins, and hijack ...
CSOonline

WordPress users not on Windows urged to update due to critical LiteSpeed Cache flaw

Updating to version 6.4 or higher will prevent exploitation of the vulnerability that allows attacker to gain admin access. More than five million WordPress sites are at risk of compromise due to a ...