TechRadar

A popular WordPress theme has a worrying security flaw which could allow full site takeover - here's what we know

CVE-2025-5947 allows unauthenticated admin access in Service Finder WordPress theme versions ≤ 6.0 Over 13,800 exploit attempts observed since August; attackers actively target vulnerable sites ...
Bleeping Computer

Over 90 WordPress themes, plugins backdoored in supply chain attack

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. In total, threat actors compromised 40 themes and 53 ...
Bleeping Computer

Premium WordPress 'Motors' theme vulnerable to admin takeover attacks

A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete ...
ZDNet

Pirated themes and plugins are the most widespread threat to WordPress sites

Pirated (aka nulled) themes and plugins were the most common source of malware infections on WordPress sites in 2020, according to Wordfence, a provider of website application firewall (WAF) solutions ...