sucuri

Shadow Directories: A Unique Method to Hijack WordPress Permalinks

A new method of hijacking WordPress permalinks involves the creation of shadow directories. This technique allows attackers to inject spam content into search engine results without altering the visible content on the website or its database.

Malware Intercepts Googlebot via IP-Verified Conditional Logic

Some attackers are increasingly moving away from simple redirects in favor of more “selective” methods of payload delivery. This approach filters out regular human visitors, allowing attackers to serve malicious content to search engine crawlers.

WordPress Auto-Login Backdoor Disguised as JavaScript Data File

A WordPress backdoor has been discovered, disguised as a JavaScript data file, allowing attackers to automatically log into administrator accounts without credentials. This malware is hidden in a PHP file within the WordPress `wp-admin/js` directory.

Vulnerability & Patch Roundup — November 2025

This advisory provides a detailed overview of critical and high-risk vulnerabilities identified in various WordPress plugins and themes for November 2025. These vulnerabilities pose significant security risks.

Malvertising Campaign Hides in Plain Sight on WordPress Websites

The infection was identified when a customer noticed unauthorized JavaScript loading on their WordPress site. Investigation revealed that the same malicious script was active on at least 17 other websites.

Hidden WordPress Backdoors Creating Admin Accounts

A recent investigation uncovered two stealthy backdoors on a compromised WordPress site: a fake plugin named DebugMaster Pro and a script named wp-user.php. These files maintained persistent administrative access and exfiltrated credentials.

Malicious JavaScript Injects Fullscreen Iframe On a WordPress Website

A recent JavaScript-based malware campaign has been discovered targeting WordPress websites. The malware injects a fullscreen iframe from malicious domains, aiming to deceive users into executing a base64-encoded PowerShell command.

Uncovering a Stealthy WordPress Backdoor in mu-plugins

A stealthy backdoor has been discovered in WordPress installations, specifically targeting the mu-plugins directory. This malware leverages the must-use plugin mechanism to ensure automatic activation and persistence.

Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors

A new stealthy PHP malware campaign has been discovered targeting WordPress websites. The malware leverages the `zip://` PHP wrapper to include obfuscated malicious code from a ZIP archive embedded in the WordPress core file `wp-settings.php`.

Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor

A stealthy malware campaign has been discovered targeting WordPress websites to deliver a Windows-based RAT through a PHP backdoor. The infection chain involves a malicious ZIP archive containing the trojan executable.
