- Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization.
- Massive local file inclusion (LFI) attempts have been discovered attempting to harvest WordPress and Magento credentials.
- Attackers continue to target old plugins with known vulnerabilities in an ongoing malware campaign targeting WordPress websites.
Source: Scuri check