Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...

Attention content creators: your WordPress plugin of choice may have been compromised

Don't blog without the proper protections in place, folks.
Searchenginejournal.com

WordPress Calendar Plugin Vulnerability Affects Up To 100k Sites

Wordfence published an advisory on a vulnerability in the LatePoint – Calendar Booking WordPress Plugin that makes it possible for authenticated attackers with Agent-level access and above to gain ...
TechRadar

Nasty WordPress plugin bug puts thousands of sites at risk

A high-severity vulnerability recently discovered in a WordPress plugin put some 60,000 websites at risk of website takeover, data exfiltration, or remote code execution. This is according to the ...
Bleeping Computer

File read flaw in Smart Slider plugin impacts 500K WordPress sites

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. An authenticated ...