A critical vulnerability in a WordPress plugin under active attack, risking over 17,000 websites A critical vulnerability in a WordPress plugin under active attack, risking over 17,000 websites A zero-day vulnerability allows attackers to upload malicious files on e-commerce websites, eventually taking over their databases for customer information. advertisement (Image for representation: Reuters) A new security risk has been discovered by the Threat Intelligence team at Wordfence. The vulnerability affects a WordPress plugin that allows the upload of images and PDF files for products. A threat report states that it is under active attack since January 30, 2021. A new vulnerability has been found in a WordPress plugin that affects over 17,000 websites. The vulnerability is actively being exploited to collect customer information from these e-commerce sites.