Security notice
High
9 July 2026
Large-scale exploitation campaign targeting CMS-based websites
A coordinated campaign is exploiting known vulnerabilities in popular CMS platforms to compromise websites at scale. Owners and administrators of WordPress and other CMS-based sites should ensure all core software, plugins and themes are kept up to date, that administrator accounts use strong unique passwords with MFA enabled, and server-level protections such as WAF and file-integrity monitoring are in place.