Millions of websites affected, XSS and SQL injections are key threats to WordPress

10 April 2025 2 minutes Author: Newsman

In 2024, almost 1 million WordPress sites were infected with malware, with up to 350,000 daily attacks recorded. More than 96% of vulnerabilities were found in plugins, and XSS remains the leading threat.

According to Wordfence, a company specializing in WordPress security, cross-site scripting (XSS) remains the main challenge: more than 4 thousand cases were recorded, and the number of attack attempts reached 9 billion. SQL injection ranks second in terms of danger, accounting for 47% of all detected vulnerabilities; 1.1 billion attack attempts were blocked. No major zero-day attacks were observed during 2024, which indicates an improvement in the quality of plugins and themes. Most vulnerabilities (81%) are rated as medium risk, but the number of high-risk vulnerabilities is growing.

WordPress is the world’s most popular content management system, powering millions of websites, which makes it an attractive target for attackers. Plugins remain a major source of vulnerabilities: they are often installed from untrusted sources or not updated on time. Typical attacks include injecting malicious JavaScript to hijack user sessions, steal passwords, or distribute malware. SQL injection allows attackers to modify or steal data from databases if appropriate protection is not in place.

Companies need to invest in user education, implement two-factor authentication, update systems in a timely manner, and remove inactive plugins. Even medium-risk vulnerabilities can have catastrophic consequences if not addressed.
