Zero-day flaws affecting several WordPress plugins have been exploited by malicious actors to plant backdoors and take control of vulnerable websites.

The attacks have been spotted by Wordfence, a company that specializes in protecting WordPress websites.

The firm’s investigation revealed that attackers had been exploiting previously unknown vulnerabilities in three WordPress plugins.