CVE-2026-39478

CVE-2026-39478 concerns the WordPress plugin “Anti-Malware Security and Brute-Force Firewall” (versions

New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected...

Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence AI tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary'...

CVE-2025-8013

The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests ...

CVE-2025-7772 Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

The Malcure Malware Scanner — 1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...

CVE-2025-7772

CVE-2025-7772 affects the WordPress plugin Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal (

New WordPress Malware Hides on Checkout Pages and Imitates Cloudflare

Wordfence exposes a sophisticated WordPress malware campaign using a rogue WordPress Core plugin. Active since 2023, it steals credit cards and credentials with advanced anti-detection...

WordPress Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal Plugin <= 16.8 is vulnerable to Broken Access Control

Software Malcure Malware Scanner — 1 Toolset for WordPress Malware Removal Type Plugin Vulnerable versions = 16.8 Fixed in 16.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID...

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execut...

WordPress Malware Scanner Plugin <= 4.7.1 is vulnerable to Bypass Vulnerability

Software Malware Scanner Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-52176 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f6265f1e1b85 Credits Brandon Roldan Required...

Session Hijacking, Cookie-Stealing WordPress Malware Spotted

Researchers have identified a strain of cookie stealing malware injected into a legitimate JavaScript file, that masquerades as a WordPress core domain. Cesar Anjos, a security analyst at Sucuri, a firm that specializes in WordPress security, came across the malware during an incident response...