Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce. According to a blog written by Mikey Veenstra of WordPress firewall company Defiant (formerly Wordfence), the attacks exploit a cross-site scripting (XSS) flaw in version 5.1.3, a plug-in designed to help site admins analyse and recover sales lost when shoppers abandon carts.
Read full news article on Naked Security