The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Top WordPress Slider plugin hijacked to spread malware — here's what to look out for

A tainted version was pushed as an update to more than 800,000 active websites.
Bleeping Computer

File read flaw in Smart Slider plugin impacts 500K WordPress sites

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. An authenticated ...
Infosecurity-magazine.com

Flaw in Slider Revolution Plugin Exposed 4m WordPress Sites

A security vulnerability affecting millions of WordPress websites has been uncovered in the widely used Slider Revolution plugin. The flaw, tracked as CVE-2025-9217, could allow users with contributor ...
The Hacker News

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Backdoored Smart Slider 3 Pro v3.5.1.35 update distributed for 6 hours via compromised infrastructure, enabling RCE and data ...
Infosecurity-magazine.com

XSS Vulnerabilities Found in WordPress Plugin Slider Revolution

A recent security audit of the Slider Revolution plugin has uncovered two significant vulnerabilities that could compromise the security of WordPress websites. Slider Revolution, a widely used premium ...