WordPress Security & Threat Intelligence

Your source for WordPress security news today. Browse our live archive of active vulnerabilities, bypass URL exploits, and zero-day malware signatures detected in the wild.

WordPress Security & Threat Intelligence

Malware Analysis of StateMesh in WordPress MU-Plugin Directory

Hidden WordPress Plugin: WP Security Helper

Hidden Casino Content Injection

Malicious PHP Code Injection in WordPress Directories

Japanese SEO Spam Injection via Malicious PHP Code

Malicious PHP Script Detected in index.php

Fake Plugin - Advanced LinkFlow Control

PHP Malware in index.php

Admin Backdoor User Creation

JavaScript Obfuscation Causing AJAX Malfunction

Obfuscated JavaScript Malware in Theme Plugins

WordPress Backdoor Exploit

Investigation into Malicious WordPress Core Plugin

Malicious Redirection via _posts Table Injection

SavvyWolf Web Shell - Manager Variant

Hello Aili Plugin Spam Injector

Goto Obfuscated Dropper

PHP Shell Ultimate Backdoor

Malicious .htaccess Injection and Fake Index.php Dropper

Recursive .htaccess PHP Execution Lockout

Cookie-Based PHP Execution Malware

Header-Based Backdoor Malware

XOR-Obfuscated PHP Dropper

Drive-By Script Injection

Fetch-Based URL Injection

Hidden Plugin Backdoor

Obfuscated JavaScript Credit Card Stealer

JavaScript Fetch-Based Spam Injection

JavaScript Redirection Injection

Malicious Redirect via Hidden Plugin

PHP Cron Job Malware

SEO Spam Malware Injection

WP Compatibility Patch Backdoor

🚨 Is your WordPress site hacked? Get a free malware scan