Security News > 2025 > March > Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
2025-03-31 12:04
Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the
News URL
https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html
Related news
- Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
- Hackers exploit OttoKit WordPress plugin flaw to add admin accounts (source)
- Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert! (source)
- The 4 WordPress flaws hackers targeted the most in Q1 2025 (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Hackers abuse WordPress MU-Plugins to hide malicious code (source)
- Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)