{"uuid": "8b818b5a-0049-4908-9f12-27eb86cc3bec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25600", "type": "seen", "source": "https://t.me/thehackernews/6584", "content": "\ud83d\udea8 Hackers are abusing WordPress mu-plugins\u2014a hidden auto-run directory\u2014to inject malware, hijack links, and redirect users to scam sites.\n\nAlso, add these to the list of 2024's major WordPress threats:\nCVE-2024-27956 | SQL injection\nCVE-2024-25600 | RCE in Bricks theme\nCVE-2024-8353 | PHP injection\nCVE-2024-4345 | Arbitrary file upload\n\nIf you run a WordPress site, check your mu-plugins folder NOW.\n\n\ud83d\udee1\ufe0f Full story: https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html", "creation_timestamp": "2025-03-31T14:10:26.000000Z"}