Blog

Notes from the cleanup floor

Field notes, incident retrospectives, and short reads on WordPress malware and site recovery.

Site owner mayo 15, 2026 2 min read

Burst Statistics auth bypass (CVE-2026-8181): exploited in the wild

A 9.8 CVSS authentication bypass in the Burst Statistics plugin is being exploited. 200K+ sites affected. Here's a quick triage.

Read article →

Site owner May 15, 2026 2 min

Someone bought 30 WordPress plugins and backdoored all of them

Plugin acquisition as an attack vector. If a plugin you trust changes hands and ships a 'security update' you didn't ask for, that's the playbook.
Site owner May 15, 2026 2 min

One million WordPress sites: arbitrary file read and SQL injection

A vulnerability chain affecting more than a million WordPress installs was disclosed by Wordfence. Here's what it means if you run one of those sites — and how…
Developer / sysadmin May 15, 2026 2 min

WordPress 5.7 XXE: how it works and why you patch it

Sonar's writeup of the WordPress 5.7 XML External Entity bug — what it leaks, where to find it, what fixed it.
Developer / sysadmin May 15, 2026 2 min

WordPress: how a 'delete a file' bug became remote code execution

Sonar's writeup of a chained vulnerability where the ability to delete an arbitrary file in WordPress was escalated to code execution. A classic, and a useful …

Abrir un encargo

¿Sitio comprometido? Abre un encargo.

Envíanos lo que sepas. Te devolvemos un triaje y un presupuesto fijo.

Abrir formulario →