via pluginvulnerabilities.com => original post link
One method we have for monitoring what vulnerabilities in WordPress plugins hackers are trying to exploit, is allowing users of our firewall plugin to report hacking attempts blocked by our firewall that we haven’t already logged as being known about. Part of what that is showing is that hackers are trying to exploit falsely claim vulnerabilities that are really old. One of those involved a plugin named YouSayToo auto-publishing plugin, which was closed on the WordPress Plugin Directory so long ago the date it was closed isn’t even listed. The plugin was last updated 12 years ago. Here was the exploit attempt sent to a customer’s website:
/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=alert(document.domain) [Read more]