Thousands of WordPress sites could be at risk, so patch now

>

Three popular e-commerce plugins for WordPress (WP) installations, open to SQL injection attacks since December 2022, are patchedprotect companies from threat actors who modify or remove their websites.

The three affected plugins, as discovered by Tenable security researcher Joshua Martinelle (opens in new tab) (through Beeping computer (opens in new tab)), goods ‘Paid Memberships Pro (opens in new tab)‘, a subscription management tool that is active on more than 100,000 installations,’Simple digital downloads (opens in new tab)‘, an e-commerce tool active on more than 50,000 installations, and ‘Survey Marker (opens in new tab)‘ (a market research tool with over 3,000 active installs)