Blog

Notas desde el terreno de limpieza

Notas de campo, retrospectivas de incidentes y lecturas breves sobre malware en WordPress y recuperación.

Site owner mayo 15, 2026 2 min read

Burst Statistics auth bypass (CVE-2026-8181): in the wild

A 9.8 CVSS authentication bypass in the Burst Statistics plugin is being exploited. 200K+ sites affected. Here's a quick triage.

Read article →

Site owner May 15, 2026 2 min

Someone bought 30 WordPress plugins and backdoored all of them

Plugin acquisition as an attack vector. If a plugin you trust changes hands and ships a 'security update' you didn't ask for, that's the playbook.
Site owner May 15, 2026 2 min

One million WordPress sites: file read + SQL injection

Wordfence disclosed a vulnerability chain affecting more than a million WordPress installs. What it means for site owners — and how to tell if you're exposed.
Developer / sysadmin May 15, 2026 2 min

WordPress 5.7 XXE: how it works and why you patch it

Sonar's writeup of the WordPress 5.7 XML External Entity bug — what it leaks, where to find it, what fixed it.
Developer / sysadmin May 15, 2026 2 min

WordPress: a 'delete a file' bug escalated to RCE

Sonar's writeup of a chained vulnerability where arbitrary file deletion in WordPress was escalated to code execution. A classic reminder: 'just' deleting a fi…

¿Sitio comprometido? Abre un encargo.

Send us what you know. You get a triage and a fixed quote in return — no obligation.

Abrir formulario →