Another worrying WordPress plugin security flaw could put 250,000 websites at risk

Ally was carrying an SQL injection flaw that allowed data exfiltration.
Infosecurity Magazine

Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign

Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers ...