WordPress and Joomla are among the most popular Content Management Systems (CMSs). They have also become popular for malicious actors, as cybercriminals target sites on these platforms for hacking and injecting malicious content. During the past few weeks, ThreatLabZ researchers have detected several WordPress and Joomla sites that were serving Shade/Troldesh ransomware, backdoors, redirectors, and a variety of phishing pages. The most well-known threats to CMS sites are the result of vulnerabilities introduced by plugins, themes, and extensions.