1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs

A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.