Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing long lasting massive WordPress infection campaign that leverages all known and recently discovered theme and plugin vulnerabilities. Other organizations and blogs have described it in a similar manner, sometimes adding terms like “malvertising campaign” or naming domains that it was currently used (which amounts to several hundred over the past 6 years).
Cart
Recent Posts
- How to Update, Install & Remove WordPress Plugins & Themes With WP-CLI
- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
- WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
- WordPress Vulnerability & Patch Roundup May 2023
- How to Secure Your Online Store: A Ecommerce Security Primer
- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
- Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
- What Is a Keylogger?
- W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin
- Vulnerability in Essential Addons for Elementor Leads to Mass Infection