The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
Bleeping Computer

File read flaw in Smart Slider plugin impacts 500K WordPress sites

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. An authenticated ...

Top WordPress slider plugin hijacked to spread malware — here's what to look out for

A tainted version was pushed as an update to more than 800,000 active websites.
Infosecurity-magazine.com

Flaw in Slider Revolution Plugin Exposed 4m WordPress Sites

A security vulnerability affecting millions of WordPress websites has been uncovered in the widely used Slider Revolution plugin. The flaw, tracked as CVE-2025-9217, could allow users with contributor ...
Bleeping Computer

Smart Slider updates hijacked to push malicious WordPress, Joomla versions

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. The developer says that only the Pro version ...
Infosecurity-magazine.com

XSS Vulnerabilities Found in WordPress Plugin Slider Revolution

A recent security audit of the Slider Revolution plugin has uncovered two significant vulnerabilities that could compromise the security of WordPress websites. Slider Revolution, a widely used premium ...