Article Details

The 4 WordPress flaws hackers targeted the most in Q1 2025. A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. All four flaws are vulnerabilities discovered and fixed in 2024 but remain unpatched in many cases, giving hackers the opportunity to execute arbitrary code or exfiltrate sensitive data. Among the four flaws, which are all critical severity, are two that are reported as actively exploited for the first time. According to a new Patchstack report, the four flaws that received the most exploitation attempts are: It is important to note that exploitation attempts don't always lead to successful compromises, as many of these probes are blocked before they do any harm or the exploits are ineffective in achieving the desired outcome. However, given that not all websites are protected by Patchstack or other effective website security products, the chances of hackers finding more suitable conditions for exploitation across the WordPress landscape are significant. Website administrators and owners should apply the latest available security updates on all WordPress add-ons and themes and deactivate those they don't necessarily need. Also, make sure that dormant accounts are deleted and strong passwords and multi-factor authentication protect administrator accounts. Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.