WordPress shopping sites under attack

Hackers using cross-site scripting (XSS) flaw in abandoned cart plugin to take over vulnerable sites.

shopping cart

WordPress-based shopping sites are under attack from a hacker group abusing a vulnerability in a shopping cart plugin to plant backdoors and take over vulnerable sites.

Attacks are currently ongoing, according to Defiant, the company behind Wordfence, a firewall plugin for WordPress sites.

Hackers are targeting WordPress sites that use the “Abandoned Cart Lite for WooCommerce,” a plugin installed on over 20,000 WordPress sites, according to the official WordPress Plugins repository.

Read more…