TI Mindmap HUB
Threat Intelligence Report

Chinese actor compromises thousands of Wordpress sites

๐Ÿ“… June 23, 2026 ๐Ÿ“ฐ ctrlaltintel.com ๐Ÿ” 18 CVE(s) referenced

A Chinese-speaking threat actor orchestrated a massive, highly automated exploitation campaign targeting over 25,000 WordPress sites and other CMS platforms worldwide, leveraging dozens of plugin vulnerabilities to deploy advanced webshells and persistent backdoors for broad post-exploitation control.

unclassified
CVE-2026-3844, CVE-2025-12057, CVE-2025-12352, CVE-2026-29014, CVE-2025-6389, CVE-2025-7852, CVE-2026-0740, CVE-2025-7443, CVE-2026-48907, CVE-2025-5394, CVE-2025-34085, CVE-2024-6648, CVE-2026-3395, CVE-2026-1357, CVE-2026-31843, CVE-2025-32432, CVE-2026-6433, CVE-2026-1969

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle