Blog
Notes from cleanup practice
Field notes, incident retrospectives and short reads on WordPress malware and recovery.
Burst Statistics auth bypass (CVE-2026-8181): in the wild
A 9.8 CVSS authentication bypass in the Burst Statistics plugin is being exploited. 200K+ sites affected. Here's a quick triage.
-
Site owner 2 min
Someone bought 30 WordPress plugins and backdoored all of them
Plugin acquisition as an attack vector. If a plugin you trust changes hands and ships a 'security update' you didn't ask for, that's the playbook.
-
Site owner 2 min
One million WordPress sites: file read + SQL injection
Wordfence disclosed a vulnerability chain affecting more than a million WordPress installs. What it means for site owners — and how to tell if you're exposed.
-
Developer / sysadmin 2 min
WordPress 5.7 XXE: how it works and why you patch it
Sonar's writeup of the WordPress 5.7 XML External Entity bug — what it leaks, where to find it, what fixed it.
-
Developer / sysadmin 2 min
WordPress: how a 'delete a file' bug became remote code execution
Sonar's writeup of a chained vulnerability where the ability to delete an arbitrary file in WordPress was escalated to code execution. A classic, and a useful …
Site compromised? Start a request.
Send us what you know. You get a triage and a fixed quote in return — no obligation.