More than 40,000 WordPress sites affected by malware flaw

English

A vulnerability in a popular WordPress quiz plugin has impacted over 40,000 sites, allowing potential SQL injection attacks. Security researchers have identified the flaw, urging site owners to check for exposure. The issue was reported on February 4, 2026.

The cybersecurity community has raised alarms over a newly discovered malware flaw targeting WordPress sites. According to reports, more than 40,000 installations are at risk due to a vulnerability in a widely used quiz plugin. This plugin, which enables interactive quizzes on websites, contains a weakness that can be exploited for SQL injection attacks.

SQL injection is a common hacking technique where attackers insert malicious code into a query, potentially stealing data or disrupting site functions. The flaw's discovery highlights ongoing challenges in securing content management systems like WordPress, which powers a significant portion of the web.

Site administrators are advised to review their plugins and apply any available updates or patches immediately. While specific details on the plugin's name were not disclosed in initial reports, the scale of the affected sites underscores the urgency of the situation. TechRadar published the findings on February 4, 2026, emphasizing the need for users to verify if their sites are compromised.

This incident serves as a reminder of the importance of regular security audits for WordPress users. No further details on exploitation or mitigation steps were provided in the initial alert, but experts recommend monitoring for unusual activity.

Related Articles

Illustration of a developer's desk with a computer screen showing malicious npm packages stealing credentials across platforms, highlighting cybersecurity risks.
Image generated by AI

Malicious npm packages steal developer credentials on multiple platforms

Reported by AI Image generated by AI

Ten typosquatted npm packages, uploaded on July 4, 2025, have been found downloading an infostealer that targets sensitive data across Windows, Linux, and macOS systems. These packages, mimicking popular libraries, evaded detection through multiple obfuscation layers and amassed nearly 10,000 downloads. Cybersecurity firm Socket reported the threat, noting the packages remain available in the registry.

Microsoft patches security flaw in Office software

Microsoft has issued an emergency patch for a worrying security flaw in its Office software. The vulnerability could allow hackers to access users' files if not updated promptly. The patch was released to address this critical issue.

Russian hackers exploit Microsoft Office vulnerability days after patch

Reported by AI

Russian state-sponsored hackers quickly weaponized a newly patched Microsoft Office flaw to target organizations in nine countries. The group, known as APT28, used spear-phishing emails to install stealthy backdoors in diplomatic, defense, and transport entities. Security researchers at Trellix attributed the attacks with high confidence to this notorious cyber espionage unit.

Technology

Microsoft Copilot faces single-click prompt injection vulnerability

Linux

Attackers hijack Linux Snap Store apps to steal crypto phrases

Technology

IBM's AI Bob vulnerable to malware manipulation

Zombie domains expose Snap Store to supply chain attacks

A critical vulnerability in Canonical's Snap Store allows attackers to hijack abandoned Linux applications by purchasing expired domains. This method enables malicious updates to be pushed automatically to users' systems. The issue was highlighted in an analysis by former Canonical engineer Alan Pope.

Hackers steal millions of Pornhub users' data for extortion

Reported by AI

Hackers have accessed and stolen personal information from millions of Pornhub users, aiming to use the data for extortion schemes. The incident was highlighted in a WIRED security news roundup.

Thousands of Korean Air employees exposed in Oracle breach

Korean Air, a major South Korean airline, has been affected by a supply-chain attack originating from Oracle, resulting in the exposure of thousands of its employees' information. The incident highlights vulnerabilities in third-party software services. Details emerged in a recent security report.

The myth of Linux's invincibility in enterprise security

Reported by AI

Linux systems face significant risks from unpatched vulnerabilities, challenging the notion of their inherent security. Experts emphasize the need for automated patch management to protect open-source enterprises effectively.

January 23, 2026 05:13

Fortinet FortiGate devices face automated attacks creating rogue accounts

January 23, 2026 02:03

Huge data leak exposes 149 million credentials without protection

January 14, 2026 06:04

Hackers hijack LinkedIn comments to spread malware

January 13, 2026 14:43

US government urged to patch critical Gogs security flaw

January 07, 2026 09:35

Gobruteforcer botnet targets Linux servers worldwide

December 25, 2025 10:53

LastPass 2022 breach enables years of cryptocurrency thefts

December 22, 2025 16:25

HPE urges immediate patching of OneView after critical security flaw found

December 16, 2025 23:12

React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft

December 15, 2025 07:33

Apple fixes zero-day flaws in WebKit for sophisticated attacks

December 10, 2025 07:11

North Korean hackers exploit maximum severity React2Shell flaw

 

 

 

This website uses cookies

We use cookies for analytics to improve our site. Read our privacy policy for more information.
Decline