http://feedproxy.google.com/~r/sucuri/blog/~3/FkTG3ZvrKIE/plugins-added-to-malicious-campaign.html
We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time. Bad actors have added more vulnerable plugins to inject similar malicious scripts.
Plugins Added to the Attack
- Download WP Inventory Manager (version <= 1.8.2)
- Woocommerce User Email Verification. (version <= 3.3.0 **Still Not Fixed**)
Attackers are trying to exploit vulnerable versions of these plugins.
Continue reading Plugins Added to Malicious Campaign at Sucuri Blog.
Source: Security Feed