Experts claim WordPress sites are being hijacked using a critical flaw in popular plugin

A popular WordPress plugin is once again being leveraged in website takeover attacks.
Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...
Infosecurity-magazine.com

Backup Migration WordPress Plugin Flaw Impacts 90,000 Sites

Security researchers have warned users of a popular WordPress plugin that they need to patch urgently or risk their site being remotely hijacked. Security vendor Wordfence has revealed a new PHP code ...