Hacked sites deliver Vidar infostealer to Windows users
In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on convincing people to run malicious commands themselves. Our researchers have recently detected a campaig...
Through the Lens of MDR: Analysis of KongTuke’s ClickFix Abuse of Compromised WordPress Sites
Our analysis of an active KongTuke campaign deploying modeloRAT — malware capable of reconnaissance, command execution, and persistent access — through compromised WordPress sites and fake CAPTCHA lures shows that the group still operates this delivery chain in parallel with the newer CrashFix...
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
The JavaScript aka JScript malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique," Expel security...
PT-2025-50907
Name of the Vulnerable Software and Affected Versions: PenciDesign Soledad versions n/a through 8.6.9 Description: A flaw exists in PenciDesign Soledad that allows for privilege escalation. This allows subscribers to take over WordPress sites. Recommendations: Update PenciDesign Soledad to a version...
PT-2025-46276
Name of the Vulnerable Software and Affected Versions: Fleet Manager plugin for WordPress versions prior to 2.5.1 Description: The Fleet Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows...
400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin
On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic AMOS, Lumma, Rhadamanthys aka RADTHIEF, and Vidar, targeting both Windows and Apple macOS systems. "UNC5142 is...
EUVD-2023-51659
Malicious code in bioql PyPI...
600,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Fluent Forms WordPress Plugin
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 💉 Participate in the SQLsplorer Challenge! Now through September 22, 2025, all SQL Injection vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of researcher tier AND...
33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme
🌞 Spring Into Summer Challenge: Critical Threats = Critical Rewards. 🌞 🔥 Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Submit bold. Earn big! 🔥 On May 4th, 2025, we received a...
PT-2025-18381
Name of the Vulnerable Software and Affected Versions: Brainstorm Force SureTriggers versions 1.0.0 through 1.0.82 Description: The issue is related to an incorrect privilege assignment vulnerability in Brainstorm Force SureTriggers, allowing privilege escalation. This vulnerability can be exploite...
100,000 WordPress Sites Affected by Administrative User Creation Vulnerability in SureTriggers WordPress Plugin
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
PT-2025-15910
Name of the Vulnerable Software and Affected Versions: OttoKit formerly SureTriggers versions 1.0.0 through 1.0.78 Description: The vulnerability is related to an authentication bypass issue in the OttoKit WordPress plugin, which allows unauthenticated attackers to create administrator accounts on...
50,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Uncanny Automator WordPress Plugin
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
PT-2025-11223
Name of the Vulnerable Software and Affected Versions: Post SMTP versions prior to 3.3.0 Description: A flaw exists in the Post SMTP WordPress plugin due to a broken access control mechanism within its REST API. This allows users with low privileges, such as Subscribers, to access sensitive email...
PT-2025-7814 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions 3.0.9.4 and earlier Description: The issue is related to arbitrary file upload, read, and deletion due to missing file type and path...
PT-2025-7614 · Unknown · Notfound Chaty Pro
Name of the Vulnerable Software and Affected Versions: Chaty Pro versions n/a through 3.3.3 Description: The issue affects Chaty Pro, allowing an attacker to upload malicious files that can be used to take control of a website. This is due to an Unrestricted Upload of File with Dangerous Type...
CVE-2024-56041 WordPress VibeBP plugin < 1.9.9.5.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection. This issue affects VibeBP: from n/a through 1.9.9.5.1...
CVE-2024-10858 Jetpack 13.0-14.0 - Unauthenticated DOM-XSS
The Jetpack WordPress plugin before 14.1 does not properly check the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com...
CVE-2024-11028 MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it...