Malware enabling rogue admin account creation has been injected into five WordPress plugins with more than 30,000 cumulative downloads as part of a software supply chain attack that commenced on Friday.
Article Link: Supply chain attack compromises WordPress plugins | SC Media