More than 900 000 WP sites were attacked through old vulnerabilities in themes and plugins.

This attack was first discovered on April 28th, but increased significantly on May 3, when more than 500 000 sites were targeted.

The campaign targeted websites with malicious JavaScript designed to redirect users to malvertising sites.

Researchers discovered that during the last month more than 24 000 IPs were used to attack more than 900 000 sites.

The vulnerabilities used are already known, such as XSS in the Easy2Map plugin (removed from the WP repository in 2019), Blog Designer (patched in 2019), Newspaper Theme (patched in 2016) and WP GDPR Compliance update (patched in 2018).

Site owners are advised to keep their plugins updated and to delete plugins that were removed from the WP repository.