Hackers using cross-site scripting (XSS) flaw in abandoned cart plugin to take over vulnerable sites.
WordPress-based shopping sites are under attack from a hacker group abusing a vulnerability in a shopping cart plugin to plant backdoors and take over vulnerable sites.
Attacks are currently ongoing, according to Defiant, the company behind Wordfence, a firewall plugin for WordPress sites.
Hackers are targeting WordPress sites that use the “Abandoned Cart Lite for WooCommerce,” a plugin installed on over 20,000 WordPress sites, according to the official WordPress Plugins repository.