Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in attacks over the past weeks and was patched on Monday.
Read full article on ZDNet