Join on WhatsApp
Join on Telegram
Rabat — Moroccan authorities have warned WordPress users about a critical security flaw in a popular plugin. The General Directorate of Information Systems Security (DGSSI), operating under the National Defense Administration, issued the alert through its cybersecurity monitoring center.
The vulnerability specifically affects the “InstaWP Connect” plugin in versions older than 0.1.0.88. Identified as CVE-2025-2636. This security hole allows unauthorized hackers to remotely execute malicious PHP code on affected websites.
WordPress has already released a security patch to fix the issue. Site administrators are strongly urged to update their plugins immediately through the WordPress dedicated page to protect against potential attacks.
This warning comes amid recurring cyberattacks targeting Moroccan government websites, chiefly carried out by hacker groups believed to be from or linked to Algeria.
The country’s critical infrastructure faces persistent threats, while GITEX Africa 2025 revelations from Kaspersky paint a concerning picture. Morocco now ranks third continent-wide for web-based attacks, with hackers launching over 12.6 million attempts against Moroccan targets in 2024 alone.
Bank Al-Maghrib has stepped forward with comprehensive security guidelines, aiming to protect citizens navigating an increasingly digitized financial landscape.
These developments underscore an urgent reality: strengthening Morocco’s digital defenses has become an essential pillar for national security.
Read also: Bank Al-Maghrib Issues Digital Banking Security Guide as Online Services Grow
