{"id":8216,"date":"2026-05-25T12:12:08","date_gmt":"2026-05-25T12:12:08","guid":{"rendered":"https:\/\/news.cybertechworld.co.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/"},"modified":"2026-05-25T12:12:08","modified_gmt":"2026-05-25T12:12:08","slug":"ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks","status":"publish","type":"post","link":"https:\/\/news.cybertechworld.co.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/","title":{"rendered":"Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks"},"content":{"rendered":"<p>\u200bThreat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.<\/p>\n<p>According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost&#8217;s Content API that could allow an unauthenticated attacker to read arbitrary data from the\u00a0Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.<\/p>\n<p>According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost&#8217;s Content API that could allow an unauthenticated attacker to read arbitrary data from the\u00a0\u00a0The Hacker News<\/p>","protected":false},"excerpt":{"rendered":"<p>\u200bThreat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost&#8217;s Content API that could allow an unauthenticated attacker to read&hellip;&nbsp;<a href=\"https:\/\/news.cybertechworld.co.in\/index.php\/2026\/05\/25\/ghost-cms-cve-2026-26980-exploited-to-hijack-700-sites-for-clickfix-attacks\/\" class=\"\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks<\/span><\/a><\/p>\n","protected":false},"author":0,"featured_media":8217,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/8216"}],"collection":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/comments?post=8216"}],"version-history":[{"count":0,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/8216\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media\/8217"}],"wp:attachment":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media?parent=8216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/categories?post=8216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/tags?post=8216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}