We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time. Bad actors have added more vulnerable plugins to inject similar malicious scripts.

Plugins Added to the Attack

• Download WP Inventory Manager (version <= 1.8.2)
• Woocommerce User Email Verification.  (version <= 3.3.0  **Still Not Fixed**)

Attackers are trying to exploit vulnerable versions of these plugins.

Continue reading Plugins Added to Malicious Campaign at Sucuri Blog.

Via Sucuri.net