Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...
ZDNet

Second WordPress hacking campaign underway, this one targeting AMP for WP plugin

A second vulnerability in a high-profile WordPress plugin has come under active exploitation in the span of a week, ZDNet has learned from WordPress security firm Defiant. Attacks are currently ...

W3 Total Cache WordPress plugin vulnerable to PHP command injection

WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.
Ars Technica

Hackers exploit WordPress plugin flaw that gives full control of millions of sites

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The ...