News

The Hacker News1d
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
A critical OttoKit plugin flaw CVE-2025-3102 exploited within hours lets attackers create admin accounts unchecked.
Bitdefender11d
Hackers exploit little-known WordPress MU-plugins feature to hide malware
A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) ...
A key WordPress feature has been hijacked to show malicious code, spam images
Researchers from Sucuri found malicious code hiding in the mu-plugins directory The malware redirected visitors, served spam, ...
WordPress users beware - these popular theme plugins have some major security issues
Both flaws allow malicious actors to elevate their privileges to admin, gaining full control of the WordPress site, and ...
Searchenginejournal.com1mon
How To Improve Speed And Performance For A WordPress Site
Within Cloudflare, I recommend caching everything except wp-admin and dynamic content, serving stale content while revalidating cache in the background and using their Web Application Firewall ...
The Hacker News11d
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
"wp-content/mu-plugins/custom-js-loader.php," which injects unwanted spam onto the infected website, likely with an intent to ...
Hackers abuse WordPress MU-Plugins to hide malicious code
Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page ...