Hosted on MSN

A key WordPress feature has been hijacked to show malicious code, spam images

Researchers from Sucuri found malicious code hiding in the mu-plugins directory The malware redirected visitors, served spam, and could even drop malware The sites were compromised through vulnerable ...
Threat Post

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...