News

The Hacker News2d
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
A critical OttoKit plugin flaw CVE-2025-3102 exploited within hours lets attackers create admin accounts unchecked.
A key WordPress feature has been hijacked to show malicious code, spam images
Discussing how the sites might have been infected, the researchers said there were multiple ways to compromise a WordPress ...
Bitdefender12d
Hackers exploit little-known WordPress MU-plugins feature to hide malware
A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) ...
The Hacker News12d
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
"wp-content/mu-plugins/custom-js-loader.php," which injects unwanted spam onto the infected website, likely with an intent to ...
Hackers abuse WordPress MU-Plugins to hide malicious code
Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page ...