Geek-Guy.com

Tag: WordPress

AI, Apps, Global Security News, malware, Network Security

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure

Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-and-control infrastructure for a malware campaign abusing Valve’s Steam gaming platform. The experts discovered malware on approximately 1,980 WordPress sites that fetches its instructions by reading Steam Community profile comments, where the actual payload is…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware

CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create WordPress admin accounts. 2,858 attacks blocked in 24 hours. WP Maps Pro plugin allows WordPress site owners to embed Google Maps and OpenStreetMap with markers, listings, and location search. It’s a store locator tool. Unremarkable. The plugin is installed on over 15,000 websites, according to sale…

Read more →

AI, Endpoint, Exploits, Global Security News, malware

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

Attackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages, according to Sansec researchers. Funnel Builder by FunnelKit is a checkout and upsell plugin…

Read more →

AI, Exploits, Global Security News

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier.…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

400K WordPress Sites Exposed by Elementor Ally Plugin SQL Flaw

A vulnerability in a widely used WordPress accessibility plugin could allow attackers to steal sensitive data from vulnerable websites without logging in.  The flaw affects the Ally plugin developed by Elementor, which is installed on hundreds of thousands of sites worldwide This vulnerability “… can be leveraged to extract sensitive data from the database, such…

Read more →

AI, Exploits, Global Security News, Risk Management

Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites

An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

WordPress Plugin Flaw Lets Attackers Create Admin Accounts

A vulnerability in a popular WordPress membership plugin could allow attackers to create administrator accounts and completely take over affected websites.  The flaw affects the User Registration & Membership plugin and enables unauthenticated attackers to bypass security controls during the account registration process.  This vulnerability allows “… unauthenticated attackers to create administrator accounts by supplying…

Read more →