Morning Overview on MSN

Hackers are exploiting a maximum-severity bug in a WordPress form plugin on thousands of sites, running their own code with no login required

Thousands of WordPress sites running the Kali Forms plugin are exposed to attackers who can execute arbitrary code on web ...
Searchenginejournal.com

Why WordPress 5.5 is Breaking Sites

WP 5.5 deprecated support for jQuery Migrate may have caused at least 50,000 broken sites. An issue with how themes handle pagination is causing other sites to break after updating to 5.5. That’s a ...
TechRepublic

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. A web developer discovered dozens of malicious ...

Funnel Builder WordPress plugin exploited to steal credit card details

Funnel Builder WordPress plugin is being exploited to steal people's credit cards but the flaw has since been patched.
The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.