Zero-day flaws affecting several WordPress plugins have been exploited by malicious actors to plant backdoors and take control of vulnerable websites.
The attacks have been spotted by Wordfence, a company that specializes in protecting WordPress websites.
The firm’s investigation revealed that attackers had been exploiting previously unknown vulnerabilities in three WordPress plugins. The flaws, described as critical PHP object injection issues, affect the Appointments, Flickr Gallery, and RegistrationMagic-Custom Registration Forms plugins.