How WP-SHELLSTORM Exposed 1.4M WordPress Sites
Essential information
- Published
- 13/07/2026 11:59
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- access-brokerage botnet godzilla vshell webshell wordpress
- Related entities
- 13 vulnerabilities (cve), 6 indicators, 5 observables, 1 intrusion sets (apt), 20 techniques (mitre), 4 malware
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (13)
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 02/07/2026
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file …
- Attack vector
- Network
- Published
- 19/11/2025
- Modified
- 13/07/2026
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data …
- Attack vector
- NETWORK
- Complexity
- HIGH
- Published
- 06/07/2026
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 07/04/2026
- Modified
- 13/07/2026
The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is …
- Attack vector
- NETWORK
- Published
- 01/08/2025
- Modified
- 13/07/2026
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked …
- Attack vector
- NETWORK
- Published
- 24/07/2025
- Modified
- 13/07/2026
The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0005 (P15.8%)
- Published
- 23/03/2026
- Modified
- 13/07/2026
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function …
- Attack vector
- NETWORK
- Complexity
- LOW
- EPSS
- 0.0006 (P18.5%)
- Published
- 23/04/2026
- Modified
- 13/07/2026
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to …
- Attack vector
- NETWORK
- Published
- 27/04/2021
- Modified
- 13/07/2026
Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via …
- Attack vector
- Network
- Complexity
- Low
- Published
- 05/06/2026
- Modified
- 13/07/2026
WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files …
- Published
- 03/11/2021
- Modified
- 13/07/2026
The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the …
- Attack vector
- Network
- Complexity
- Low
- EPSS
- 0.0002 (P4.5%)
- Published
- 11/05/2026
- Modified
- 13/07/2026
Indicators (6)
-
stix 100/100· Valid until 09/07/2027 · Source: AlienVault
Observables (5)
-
xs.xxooonline.eu.cc -
43.108.17.80 -
113.196.56.150 -
113.196.59.51 -
137.175.93.126
Intrusion sets (APT) (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (20)
Malware (4)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·