ACSC CMS remediation guidance
Advisory/Mitigation
Summary
Hide ▲
Show ▼
The ACSC issued remediation guidance for CMS operators under active exploitation pressure, telling administrators to install the latest security updates for themes and plugins to reduce webshell deployment risk. The advisory also calls for removing unused components and enabling automatic updates where possible. These steps target exposed sites that can otherwise be used for persistence, credential theft, and deeper network compromise.
Timeline
-
11.07.2026 17:18 2 articles · 1h ago
ACSC advises patching vulnerable CMS plugins amid global webshell campaign
Mitigation Patch UpdateThe Australian Cyber Security Centre (ACSC) warns that a global exploitation campaign is targeting vulnerable CMS platforms and plugins, with many small- to medium-sized Australian businesses already impacted by webshell deployment. The activity is actively scanning websites for opportunities to deploy webshells across WordPress, Craft CMS, MaxSite CMS, MetInfo CMS, and Joomla JCE, and the ACSC recommends applying the latest security updates for CMS software, themes, and plugins, removing unused components, enabling automatic updates where possible, making web directories read-only where possible, monitoring for unauthorized file creation, restricting access to sensitive directories, and blocking unexpected child-process spawning on web servers.
Show sources
- Australia warns of global campaign targeting vulnerable CMS platforms — www.bleepingcomputer.com — 11.07.2026 17:18
- Australia warns of global campaign targeting vulnerable CMS platforms — www.bleepingcomputer.com — 11.07.2026 17:18