We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time. Bad actors have added more vulnerable plugins to inject similar malicious scripts.
Plugins Added to the Attack
- Download WP Inventory Manager (version <= 1.8.2)
- Woocommerce User Email Verification. (version <= 3.3.0 **Still Not Fixed**)
Attackers are trying to exploit vulnerable versions of these plugins.
Source: Scuri check