Funnel Builder WordPress plugin bug exploited to steal credit cards

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages.

Avada Builder WordPress plugin flaws allow site credential theft

Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow ...

Over a million WordPress sites hit in plugin flaw — here's what we know

A popular WordPress plugin was found carrying two flaws that can cause data leaks.
SecurityWeek

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...

"Copy Fail" is a rare Linux bug that can turn an unprivileged user into a root admin in seconds

Copy Fail could represent a significant security risk in the making. The vulnerability was discovered by researchers at Theori, who investigated the Linux ...
ZDNet

The best WordPress hosting services of 2026: Expert tested and reviewed

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
tech2geek

Massive WordPress Supply Chain Attack: 31 Plugins Compromised After Silent Malware Injection

A highly sophisticated supply chain attack has recently shaken the WordPress ecosystem, exposing a critical weakness in how trusted plugins are managed and updated. Unlike typical hacks that exploit ...
TechRepublic

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. A web developer discovered dozens of malicious ...
TechSpot

Popular WordPress plugins backdoored after ownership change, putting thousands of websites at risk

A hot potato: WordPress plugins can significantly expand the native capabilities of the popular content management system, but they can also become a double edged sword. When malicious code finds its ...
TechRadar

WordPress websites under attack — expert report says dozens of plugins hijacked to target thousands of sites

Malicious actor bought 31 WordPress plugins from Essential Plugin Updates injected backdoors, granting full site access Spam campaigns hidden from owners, C2 resolved via Ethereum smart contract A ...
cybernews

WordPress plugins taken offline after a developer found 30 injected with malicious code

Dozens of WordPress plugins have been compromised by an unknown actor who planted backdoors in popular add-ons after buying them for hundreds of thousands of dollars. WordPress developer and founder ...
TechCrunch

Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on ...