High
9 July 2026
Large-scale exploitation campaign targeting CMS-based websites
A coordinated campaign is exploiting known vulnerabilities in popular CMS platforms to compromise websites at scale. WordPress and other CMS-based sites should ensure all core software, plugins and themes are up to date, that administrator accounts use strong unique passwords with MFA enabled, and that server-level protections such as WAF and file-integrity monitoring are in place.