Vulnerability found in thousands of WordPress websites

- May 18, 2022
- Updated: July 2, 2025 at 3:45 AM

WordPress is one of the most popular content management systems (CMS) available today. For millions of websites around the world, it acts like the operating system that makes everything you see on their web pages possible, and WordPress plugins are like the programs that run on it to handle particular tasks. Unfortunately, security analysts have discovered a vulnerability in a popular WordPress plugin used by thousands of websites worldwide.
Analysts from the Wordfence Threat Intelligence team recently discovered a vulnerability in the Tatsu Builder plugin, which they estimate has been installed on WordPress sites between 20,000 and 50,000 times. The team reports that they started seeing attacks on May 10, 2022, with the peak coming on May 14 when they saw over 5.9 million attacks. The attacks included a dropper, which would later install malware onto the victims’ devices.
Tatsu detected the attack early on and quickly notified all of its customers. Unfortunately, the Wordfence Threat Intelligence team believes that at least a quarter of those customers have yet to take action against the vulnerability. This means that up to, or even more than, 12,000 sites could still be vulnerable.
If you are an admin of a WordPress site that uses Tatsu Builder, the Wordfence team recommends you update to the latest version (3.3.13) as quickly as possible. That version contains a patch that fully addresses the issue. It is important to get the latest version, as the previous version (3.3.12) was rolled out with a patch that didn't fully address the issue. Another security step WordPress users can take is to install the Wordfence Web Application Firewall, which comes with the free version of the service. Wordfence also has premium subscriptions, which offer enhanced features on top of the firewall.
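As an added example (not from Wordfence or Tatsu), this sketch reads the `Version:` header that WordPress plugins declare in their main PHP file and classifies it against the two version numbers given above. The sample header, including its plugin name, is constructed for illustration, and the function names are hypothetical.

```python
import re

FULL_FIX = (3, 3, 13)     # version the article says fully addresses the issue
PARTIAL_FIX = (3, 3, 12)  # version the article says shipped an incomplete patch

# WordPress plugins declare metadata as "Key: value" lines in a leading comment.
_HEADER = re.compile(r"^[ \t/*#@]*Version:[ \t]*(.+?)[ \t]*$", re.I | re.M)

def plugin_version(php_source):
    """Return the Version header from a plugin's main PHP file, or None."""
    m = _HEADER.search(php_source[:8192])  # WordPress only scans the first 8 KiB
    return m.group(1).strip() if m else None

def parse_version(text):
    """Turn '3.3.12' into (3, 3, 12); stop at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    if not parts:
        return None
    return tuple(parts + [0] * (3 - len(parts)))  # pad '3.4' to (3, 4, 0)

def classify(version_text):
    """Map a version string to the remediation state described in the article."""
    v = parse_version(version_text) if version_text else None
    if v is None:
        return "unknown"
    if v >= FULL_FIX:
        return "patched"
    if v >= PARTIAL_FIX:
        return "partially patched"
    return "vulnerable"

# Constructed sample header; the plugin name shown here is an assumption.
SAMPLE = """<?php
/**
 * Plugin Name: Tatsu
 * Version: 3.3.12
 */
"""

if __name__ == "__main__":
    found = plugin_version(SAMPLE)
    print(found, "->", classify(found))
```

Run it against the contents of the plugin's main file on each site you manage; anything other than "patched" still needs the update.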
If you are worried about cybersecurity and would like to keep on top of the issue, check out our guide to malware, phishing, spyware, and viruses.
Patrick Devaney is a news reporter for Softonic, keeping readers up to date on everything affecting their favorite apps and programs. His beat includes social media apps and sites like Facebook, Instagram, Reddit, Twitter, YouTube, and Snapchat. Patrick also covers antivirus and security issues, web browsers, the full Google suite of apps and programs, and operating systems like Windows, iOS, and Android.