CVE Tools
Back to feed
BleepingComputer ·EN-US News source Exploited in the wildSimple File ListWavePlayerBerqWP

Australia warns of global campaign targeting vulnerable CMS platforms

By Bill Toulas··2 min read
CVE Tools coverage

The Australian Cyber Security Centre (ACSC) has issued a warning about a global exploitation campaign targeting vulnerable content management systems (CMS) and related plugins. Attackers are deploying webshells on compromised websites, enabling them to steal data, install malware, and gain deeper access to networks. The ACSC reports that numerous small- to medium-sized businesses in Australia have already been impacted. Affected products include WordPress plugins like Simple File List (CVE-2025-34085), Ninja Forms (CVE-2026-0740), and Breeze Cache (CVE-2026-3844), as well as other CMS platforms such as Craft CMS (CVE-2025-32432) and MetInfo CMS (CVE-2026-29014).