As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website…
Read more in my article on the Tripwire State of Security blog.

https://www.tripwire.com/state-of-security/featured/poisoned-wordpress-plugin/#new_tab