A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins — infiltrating over a million websites and leaving administrators scrambling for solutions.

In April 2023, Bleeping Computer and other tech outlets like TechRadar began circulating reports of cybercriminals successfully hacking WordPress websites. They were able to gain access via a toxic combination of the popular plugins Elementor Pro Premium (Webpage builder) and WooCommerce (Online storefront).