Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...
Security Boulevard

CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover

CVE-2026-1357 exposes a critical WordPress WPvivid plugin flaw, allowing unauthenticated RCE, enabling attackers to upload PHP files and fully compromise sites. The post CVE-2026-1357: WordPress ...
TechRadar

This old WordPress plugin is being used to hack compromised websites

Update: The WordPress Plugin Team has confirmed to TechRadar Pro that the Eval PHP plugin has been closed, citing concerns over its usage on compromised sites, its age, and the number of active ...
Tweakers

PHP (Wordpress) Plugin Developer

At Really Simple Plugins we develop WordPress plugins where our goal is to make complex topics 'really simple'. Our most renown plugins are Really Simple SSL (>4 million users) and Complianz (>1 ...
Bleeping Computer

PHP Everywhere RCE flaws threaten thousands of WordPress sites

Researchers found three critical remote code execution (RCE) vulnerabilities in the 'PHP Everywhere' plugin for WordPress, used by over 30,000 websites worldwide. PHP Everywhere is a plugin that ...

CleanTalk WordPress Plugin Vulnerability Threatens Up To 200K Sites

CleanTalk WordPress plugin vulnerability affecting up to 200,000 sites could lead to remote code execution by unauthenticated attackers.