Blog
Notes from the cleanup floor
Field notes, incident retrospectives, and short reads on WordPress malware and site recovery.
Burst Statistics auth bypass (CVE-2026-8181): exploited in the wild
A 9.8 CVSS authentication bypass in the Burst Statistics plugin is being exploited. 200K+ sites affected. Here's a quick triage.
Read article →
-
Site owner 2 min
Someone bought 30 WordPress plugins and backdoored all of them
Plugin acquisition as an attack vector. If a plugin you trust changes hands and ships a 'security update' you didn't ask for, that's the playbook.
-
Site owner 2 min
One million WordPress sites: arbitrary file read and SQL injection
A vulnerability chain affecting more than a million WordPress installs was disclosed by Wordfence. Here's what it means if you run one of those sites — and how…
-
Developer / sysadmin 2 min
WordPress 5.7 XXE: how it works and why you patch it
Sonar's writeup of the WordPress 5.7 XML External Entity bug — what it leaks, where to find it, what fixed it.
-
Developer / sysadmin 2 min
WordPress: how a 'delete a file' bug became remote code execution
Sonar's writeup of a chained vulnerability where the ability to delete an arbitrary file in WordPress was escalated to code execution. A classic, and a useful …
Site compromised? Let's talk.
Send us what you know. You get a triage and a fixed quote in return.