Security researchers at WordFence issued a serious warning this week regarding a critical flaw in a popular WordPress tool. The vulnerability allows hackers to trick a website into granting them administrator access. Once they have that access, they effectively own the site.
The bug hides inside the “Sneeit Framework.” Site owners use this backend toolkit to manage themes, layouts, and custom features. WordFence discovered that the flaw allows attackers to execute code remotely. They gave it a severity score of 9.8 out of 10, which is just about as bad as it gets. It affects every version of the plugin before version 8.4.
The danger is real and immediate. Hackers wasted no time exploiting this bug as soon as the news broke. On the very first day, WordFence blocked over 131,000 attempts to break into websites. Even now, the firm reports about 15,000 attacks every single day.
Here is how the attack works: A hacker sends a specific command to a vulnerable website. The site interprets this command and creates a new admin user for the attacker. With full control, the intruder can install malicious software, steal data, or redirect your visitors to scam pages.
If you use the Sneeit Framework, you must update to version 8.4 immediately. Although the developers released this fixed version in August 2025, many sites remain outdated and vulnerable.
Site owners should also look for signs of a break-in. Check your user list for any admin accounts you did not create. You should also check your server for any strange files named “xL.php,” “simple.php,” or “up_sf.php.” Hackers often leave these files behind so they can get back in later. The best defense is to keep all your plugins up to date and delete any software you are not actively using.
