Searchenginejournal.com

WordPress Popular Posts Plugin Vulnerability Affects 100k+ Sites

An advisory has been issued about a high-severity WordPress vulnerability that makes it possible for attackers to inject arbitrary shortcodes into sites using the WordPress Popular Posts plugin.
Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...