Over 280,000 WordPress sites may have been hijacked by zero-day hiding in popular plugin

>

A zero-day vulnerability found in a premium WordPress plugin is being actively exploited in the wild, researchers say, urging users to remove it from their websites until a patch is released.

WordPress security plugin (opens in new tab) Creators WordFence discovered a flaw in WPGateway, a premium plugin that helps administrators manage other WordPress plugins and themes from a single dashboard.