Dark Reading

PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts

A malicious plug-in found on a Russian cybercrime forum turns WordPress sites into phishing pages by creating fake online payment processes that convincingly impersonate trusted checkout services.

Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.
Dark Reading

Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover

A WordPress plug-in installed on more than 4 million websites exposes them to full administrative takeover through a scripting flaw that potentially can be used to launch large-scale automated attacks ...