Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Wpmet

Wpmet Vendor Cyber Rating & Cyber Score

wpmet.com

Building a professional WordPress site means endless plugin hunting — testing compatibility, fixing conflicts, and starting over when something breaks. Wpmet solves that with one connected suite. We build WordPress plugins and page builders that cover everything modern sites need: ElementsKit (85+ widget Elementor addon), GutenKit (Gutenberg block builder), MetForm (advanced form builder), ShopEngine (WooCommerce store customizer), PopupKit (behavioral popup builder), EmailKit (email template builder), WP Social (social login, share & counter), WP Ultimate Review (ratings & trust builder), GetGenie AI (AI content & SEO assistant), and Table Builder — all built to work together, out of the box. 3,000,000+ customers across 180+ countries


Wpmet A.I CyberSecurity Scoring

Wpmet
Company Information
Website:https://wpmet.com/agl2
Employees number:2
Number of followers:915
NAICS:5112
Industry Type:Software Development
Homepage:wpmet.com
Wpmet Risk Score (AI oriented)
Between 700 and 749
logo
WpmetSoftware Development
Updated:
10/07/2026
738/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Wpmet Global Score (TPRM)
xxxx
logo
WpmetSoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Wpmet
WpmetModerate
Current Score
738Ba (MODERATE)
01000
2 incidents
-5.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
743Before Incident
Vulnerability
09 Jul 2026Wpmet
Ninja Forms and Simple File List: Hackers Scan CMS Websites Globally to Deploy Webshells and Steal Credentials

Global CMS Exploitation Campaign Targets Unpatched Websites

738After Incident
CRITICAL-5
CYBWPM1783600441
Global CMS Exploitation Campaign Targets Unpatched Websites A large-scale cyberattack campaign is actively targeting Content Management System (CMS) websites worldwide, with threat actors scanning for unpatched software and vulnerable plugins. Once exploited, attackers deploy malicious webshells to gain remote control over compromised systems, enabling website defacement, credential theft, and malware distribution. The campaign has impacted organizations globally, particularly small- to medium-sized businesses, and reflects a broader trend identified by the Five Eyes cybersecurity agencies the increasing use of artificial intelligence to accelerate cyber operations. This shift has drastically reduced the time between a vulnerability’s public disclosure and its exploitation in the wild. Attackers primarily exploit flaws allowing unauthenticated file uploads, remote code execution, server-side request forgery, or unsafe deserialization. Known vulnerabilities in popular WordPress plugins including Simple File List (CVE-2025-34085), WavePlayer (CVE-2025-12057), and Ninja Forms (CVE-2026-0740) have been weaponized in this campaign. Once a webshell is deployed, hackers use it to disrupt operations, steal sensitive data, and distribute additional malware to unsuspecting visitors. Compromised servers may also serve as a foothold for deeper network infiltration. The Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) has urged administrators to proactively inspect CMS environments, as the rapid automation of attacks is shrinking the window for manual remediation. Organizations are advised to adopt continuous monitoring, automated security updates, and strict access controls to mitigate risks.
INCIDENT DETAILS -
TYPE
Exploitation Campaign
MOTIVATION
Disruption of operationsData theftMalware distributionNetwork infiltration
IMPACT
Data Compromised: Sensitive dataSystems Affected: CMS websites (WordPress and plugins)Operational Impact: Disrupted operations
DATA BREACH
Type Of Data Compromised: Sensitive data, credentials
JUNE 2026
749Before Incident
Vulnerability
11 Jun 2026Wpmet
ThemeREX, Joomla, Simple File List, WP File Manager, Oracle and DigitalOcean: Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

WP-SHELLSTORM Cybercrime Group's Exposed Server Reveals Mass Webshell Operation Targeting 1.4 Million Sites

743After Incident
CRITICAL-6
ORAJOOMANWPMDIGTHE1783693992
Cybercrime Crew’s Exposed Server Reveals Mass Webshell Operation Targeting 1.4 Million Sites A cybercrime group, tracked as WP-SHELLSTORM, inadvertently exposed its operations for three weeks after leaving an unsecured server online. The incident, discovered by researchers at SOCRadar and Ctrl-Alt-Intel, provided an unprecedented look into a webshell access brokerage a scheme where attackers compromise websites en masse, install backdoors, and sell access to other criminals. ### The Exposure On June 11, 2026, SOCRadar identified an unprotected server (IP: 137.175.93[.]126) hosting 800MB of data, including: - Hacking tools (exploit scripts, webshells) - Activity logs (command histories, scan results) - Target lists naming 1.4 million websites (WordPress, Joomla, and others) - Command-and-control (C2) configurations The server, rented in the U.S., was left open due to a Python web server left running for 22 days a simple but costly oversight. Ctrl-Alt-Intel independently analyzed the same directory, publishing findings on June 22, before SOCRadar’s July 9 report. ### The Attack Method The group exploited 27 known vulnerabilities, primarily in WordPress plugins, to deploy webshells small scripts granting remote control over compromised servers. Key flaws included: - Breeze caching plugin (CVE-2026-3844) – Exploited against 45,000+ sites, successfully backdooring 17,000+ (only effective with a non-default setting enabled). - Joomla JCE editor (CVE-2026-48907) – Targeted 560,000+ sites but only breached 77. - Other WordPress plugins (e.g., ThemeREX Addons, Simple File List, WP File Manager). The attackers used FOFA, a Chinese search engine for internet-connected systems, to build target lists. Their toolkit included: - down.php – A heavily obfuscated webshell derived from BestShell (open-source Chinese malware). - VShell – A stealthy backdoor disguised as a kernel process ([kworker/0:2]) to evade detection. ### Compromise Scale While the 1.4 million figure represents targets, not breaches, researchers confirmed: - Ctrl-Alt-Intel: 25,195 sites with evidence of compromise. - SOCRadar: 5,700+ active webshells. ### Earlier Corporate Espionage Campaign Before the WordPress spree, the same group ran a quieter operation in May 2026, targeting Java-based corporate systems via a Nacos configuration server flaw (CVE-2021-29441). They extracted: - 613 configuration files from 11 systems across nine companies (fintech, e-commerce, logistics, gaming, electronics). - Cloud credentials (AWS, Alibaba, Oracle, Tencent, DigitalOcean). - Database passwords and Alipay RSA private keys. SOCRadar suggests this was a "funding round" before scaling up the higher-volume webshell operation. ### Attribution & Sloppy Tradecraft Researchers assess with medium-to-high confidence that the group is Chinese or Chinese-speaking, citing: - Simplified Chinese in code and command logs. - Use of FOFA (requiring a Chinese phone number for registration). - Tools like Godzilla and VShell, common in Chinese-speaking cybercrime forums. Despite a sophisticated toolchain, the group made basic errors: - Left the server unprotected for weeks. - Exposed a FOFA config file, traceable via law enforcement. - Failed to sanitize command histories, revealing the full operation. When alerted, the group deleted log entries between July 2–4, but the damage was already done. ### Broader Implications WP-SHELLSTORM stands out not for its technical sophistication, but for its scale and opportunism. Using publicly known vulnerabilities and automated scanning, the group compromised thousands of sites without needing zero-days. The incident mirrors a March 2026 exposure of Russia’s APT28 (Fancy Bear), where an open directory revealed phishing tools and logs. In both cases, human error not advanced hacking led to the unraveling of major cybercrime operations.
INCIDENT DETAILS -
TYPE
Webshell AttackData BreachCybercrime Brokerage
MOTIVATION
Financial gainCybercrime brokerageCorporate espionage
IMPACT
Configuration filesCloud credentials (AWS, Alibaba, Oracle, Tencent, DigitalOcean)Database passwordsAlipay RSA private keysWebsite backdoor accessWordPress sites (45,000+ targeted, 17,000+ compromised)Joomla sites (560,000+ targeted, 77 compromised)Java-based corporate systems (11 systems across 9 companies)Operational Impact: Mass compromise of websites for resale of access; potential data exfiltration and further attacks by buyersBrand Reputation Impact: Potential reputational damage to affected entities due to compromise and data exposureIdentity Theft Risk: High (due to exposure of PII and credentials)Payment Information Risk: High (Alipay RSA private keys exposed)
DATA BREACH
Configuration filesCloud credentialsDatabase passwordsAlipay RSA private keysWebshell access logsNumber Of Records Exposed: 613 configuration files from 11 systems; 1.4 million websites targetedSensitivity Of Data: High (credentials, private keys, PII)Data Exfiltration: Yes (data sold on dark web implied)Configuration filesLogsWebshell scriptsPersonally Identifiable Information: Likely (credentials and private keys)
MAY 2026
749Before Incident
APRIL 2026
749Before Incident
MARCH 2026
749Before Incident
FEBRUARY 2026
749Before Incident
JANUARY 2026
749Before Incident
DECEMBER 2025
749Before Incident
NOVEMBER 2025
749Before Incident
OCTOBER 2025
749Before Incident
SEPTEMBER 2025
749Before Incident
AUGUST 2025
749Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Wpmet ?
?
What was Wpmet's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Wpmet's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Wpmet's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Wpmet ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Wpmet's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?