Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing long lasting massive WordPress infection campaign that leverages all known and recently discovered theme and plugin vulnerabilities. Other organizations and blogs have described it in a similar manner, sometimes adding terms like “malvertising campaign” or naming domains that it was currently used (which amounts to several hundred over the past 6 years).
Cart
Recent Posts
- How to Find & Fix Japanese SEO Spam
- Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
- What is Secure Shell (SSH) & How to Use It: Security & Best Practices
- Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)
- Malware Scanning: An Essential Layer of Website Security
- Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images
- Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin
- How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)
- Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)
- Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin