Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
Infosecurity Magazine

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...
Ars Technica

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...

WordPress Plugins: Supply Chain Attack Puts 1.2 Million Sites at Risk

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.
SecurityWeek

Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...
Searchenginejournal.com

Why WordPress 5.5 is Breaking Sites

WP 5.5 deprecated support for jQuery Migrate may have caused at least 50,000 broken sites. An issue with how themes handle pagination is causing other sites to break after updating to 5.5. That’s a ...