The plugin Simple Social Buttons allows Wordpress users to distribute content on social media platforms. The flaw was discovered by a security developer at WebARX.

The makers of the WPML plugin said they're taking legal action against the attacker.

The flaw has been patched in the privacy-focused plugin WP GDPR Compliance, which has more than 100,000 downloads.

A third-party plugin co-opted sites, including ones belonging to the U.S. federal courts and D.C.'s public transit system, to mine Monero.