Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the ...
Threat Post

Newsletter WordPress Plugin Opens Door to Site Takeover

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Newsletter, a WordPress plugin with more than 300,000 installations, has a pair ...
Bleeping Computer

Newsletter plugin bugs let hackers inject backdoors on 300K sites

Newsletter users are urged to update the plugin to the 6.8.3 version as soon as possible to block attacks designed to add rogue admins or to inject backdoors on their sites given that threat actors ...

WordPress websites under attack — dozens of plugins hijacked to target thousands of sites

A malicious actor found a struggling WordPress plugin company, bought it, and introduced malware to each product.

Popular WordPress plugins backdoored after ownership change, putting thousands of websites at risk

A popular brand of WordPress plugins was recently weaponized to download and spread malicious code. The new, potentially ...