The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.
Researchers are urging WordPress site owners to delete a compromised plugin after multiple zero-day vulnerabilities were discovered being exploited by a malicious actor.
Researchers at Wordfence said on Friday that flaws in the plugin, Total Donations, are being exploited by malicious actors to gain administrative access to impacted WordPress sites. Making matters worse, the plugin appears to be abandoned, and there was no response from its developers at Calmar Webmedia about the flaws despite multiple attempts to contact them.
For More Details :
https://threatpost.com/wordpress-users-urged-to-delete-zero-day-ridden-plugin/141209/
