sao completion values can contain executable JavaScript that runs in sao context, exposing session and sensitive data; upgrade sao to the latest version.
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Attackers inject malicious JavaScript into WordPress theme files to load external scripts that redirect visitors via a traffic-distribution system while mimicking Cloudflare assets.