Metasploit Unleashes New Exploits for WordPress and ChurchCRM
In short, new Metasploit modules let attackers exploit vulnerabilities in popular software such as WordPress and ChurchCRM.
Metasploit has launched new exploits targeting vulnerabilities in WordPress and ChurchCRM. These unauthenticated access points pose serious risks for users and organizations. Stay vigilant and ensure your software is updated to protect against potential attacks.
What Happened
Exciting developments are brewing in the cybersecurity world! Metasploit has just released new exploit modules that target vulnerabilities in popular applications. Two major exploits have emerged: one for the StoryChief WordPress plugin and another for ChurchCRM. These allow attackers to execute arbitrary code without needing authentication, which is a serious security risk.
The StoryChief exploit (CVE-2025-7441) takes advantage of a flaw in webhook validation, enabling file uploads that can lead to remote code execution. Meanwhile, the ChurchCRM exploit (CVE-2025-62521) uses the installation wizard to inject malicious PHP code, granting persistent access to attackers. Both exploits establish Meterpreter sessions, giving hackers a foothold in compromised systems.
In addition to these, Metasploit has introduced a clever Emacs extension that embeds malicious Lisp code. This code triggers shell callbacks every time Emacs launches, showcasing an unconventional attack method. There's also a Windows persistence module that exploits the UserInit registry key to gain Administrator shells whenever any user logs in. This means that attackers can maintain access even after a reboot.
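The two persistence techniques above leave artifacts a defender can inspect: the Winlogon Userinit registry value, which on a stock install points only at userinit.exe, and the user's Emacs init file, which normally contains no process-spawning calls. The script below is an added example written for this summary; it is not code from the article, from Rapid7 or from the Metasploit modules. It assumes the standard Winlogon key path and default Userinit value, the usual Emacs init-file locations, and a heuristic list of Elisp primitives (an assumption, not an exhaustive set) whose presence in an init file deserves a closer look. The sample values it checks are constructed.

```python
"""Defender-side checks for UserInit registry persistence and Emacs init-file persistence."""
import re
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Assumed stock values of HKLM\...\Winlogon\Userinit (lowercased for comparison).
# Windows itself leaves a trailing comma on the value, so empty entries are expected.
EXPECTED_USERINIT = {
    r"c:\windows\system32\userinit.exe",
    r"%systemroot%\system32\userinit.exe",
}
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def check_userinit(value: str) -> List[str]:
    """Return every entry in a Userinit value that is not the stock userinit.exe.

    An empty list means the value looks untouched; anything returned is an
    extra program Windows will launch at each interactive logon.
    """
    entries = [e.strip().strip('"') for e in value.split(",")]
    entries = [e for e in entries if e]  # drop the trailing empty entry
    return [e for e in entries if e.lower() not in EXPECTED_USERINIT]


def read_userinit_from_registry() -> Optional[str]:
    """Read the live Userinit value on Windows; returns None on other platforms."""
    try:
        import winreg  # stdlib, only importable on Windows
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _ = winreg.QueryValueEx(key, "Userinit")
    return value


# Heuristic (assumed) list of Elisp primitives that spawn processes or open sockets.
# Longer names come first so the regex alternation reports the most specific match.
SUSPICIOUS_ELISP = (
    "shell-command-to-string", "shell-command", "call-process-shell-command",
    "call-process", "start-process", "make-process", "make-network-process",
    "url-retrieve",
)
_ELISP_CALL = re.compile(r"\((" + "|".join(re.escape(s) for s in SUSPICIOUS_ELISP) + r")\b")


def scan_elisp(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, primitive) for each process/network call found.

    Lines are trimmed at the first ';' so commented-out code is ignored; this
    crude comment handling does not account for ';' inside string literals.
    """
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split(";", 1)[0]
        for match in _ELISP_CALL.finditer(code):
            hits.append((lineno, match.group(1)))
    return hits


# Standard Emacs init-file locations, in the order Emacs consults them.
EMACS_INIT_CANDIDATES = ("~/.emacs", "~/.emacs.el", "~/.emacs.d/init.el",
                         "~/.config/emacs/init.el")


def scan_emacs_init_files() -> Dict[str, List[Tuple[int, str]]]:
    """Scan every init file that exists for the current user; keys are the paths found."""
    results = {}
    for candidate in EMACS_INIT_CANDIDATES:
        path = Path(candidate).expanduser()
        if path.is_file():
            results[str(path)] = scan_elisp(path.read_text(errors="replace"))
    return results


# Constructed sample inputs so the checks can be exercised offline.
SAMPLE_USERINIT_CLEAN = r"C:\Windows\system32\userinit.exe,"
SAMPLE_USERINIT_TAMPERED = r"C:\Windows\system32\userinit.exe,C:\Users\Public\svc.exe,"
SAMPLE_INIT_EL = """;; constructed sample init.el
(setq inhibit-startup-message t)
(start-process "upd" nil "sh" "-c" "PLACEHOLDER")  ; constructed: spawns a shell at startup
"""

if __name__ == "__main__":
    print("clean Userinit extras:", check_userinit(SAMPLE_USERINIT_CLEAN))
    print("tampered Userinit extras:", check_userinit(SAMPLE_USERINIT_TAMPERED))
    print("sample init.el hits:", scan_elisp(SAMPLE_INIT_EL))
    live = read_userinit_from_registry()
    if live is not None:
        print("live Userinit extras:", check_userinit(live))
    print("init files on this host:", scan_emacs_init_files())
```

Both checks are indicators, not verdicts: an administrator may legitimately append a logon program to Userinit, and a power user's init file may start helper processes on purpose. What matters is that any hit can be explained by someone who owns the machine.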
Why Should You Care
These vulnerabilities can put your personal data and systems at risk. If you use WordPress or ChurchCRM, your website could be an easy target for hackers. Imagine leaving your front door unlocked; that's what using outdated or vulnerable software feels like. Attackers can exploit these weaknesses to steal sensitive information or take control of your systems.
Protecting yourself is crucial. If you're a website owner or manage any online services, you need to stay updated on the latest security patches. Ignoring these updates is like ignoring smoke alarms in your home — it could lead to catastrophic consequences.
What's Being Done
Metasploit has released exploit modules for these vulnerabilities, so they are now trivial to reproduce. Here's what you should do right now:
- Update your software: Ensure that your WordPress plugins and ChurchCRM are up to date with the latest security patches.
- Monitor for unusual activity: Keep an eye on your systems for any unauthorized access or strange behavior.
- Review your security practices: Consider implementing additional security measures, like firewalls and intrusion detection systems.
Experts are closely watching for how quickly these exploits are adopted by malicious actors. The cybersecurity community remains vigilant, ready to respond to any emerging threats.
Rapid7 Blog