PHP Supply Chain Attack: Backdoor Discovered in Popular Composer Package
A supply chain attack targeting the PHP ecosystem has been discovered this week. Security researchers found a backdoor…
A supply chain attack targeting the PHP ecosystem has been discovered this week. Security researchers found a backdoor…
Security researchers have identified a new variant of the CrawlerX botnet that specifically targets WooCommerce sites. The latest…
A hardened WordPress site is one where every attack surface is minimized, every configuration is intentional, and no…
Your WordPress database contains everything that makes your site your site: posts, user accounts, plugin settings, WooCommerce orders,…
WordPress uses a built-in cron system (wp-cron.php) to schedule tasks like checking for updates, publishing scheduled posts, running…
A Reflected Cross-Site Scripting vulnerability has been discovered in the ShopBuilder WordPress plugin for WooCommerce. Tracked as CVE-2025-13456…
A Cross-Site Scripting (XSS) vulnerability has been discovered in the Logo Slider WordPress plugin. Tracked as CVE-2025-13153 with…
CVE-2025-12685 WPBookit CSRF Privilege Escalation. A Cross-Site Request Forgery (CSRF) vulnerability affects the WPBookit WordPress plugin. Tracked as…
CVE-2025-14047 WP User Frontend SQL Injection. An unauthorized data loss vulnerability affects the WP User Frontend plugin for…
A missing capability check vulnerability affects the My Sticky Elements plugin for WordPress. Tracked as CVE-2025-14428 with a…