WordPress sites are hacked to hijack your browser and then attack other sites

Thousands of WordPress sites under threat from dodgy plugins

Experts have warned that cybercriminals are using compromised WordPress sites to build a massive army for credential stuffing attacks.

A report by cyber security researchers Sucuri spotted the campaign and believes they know what its purpose is. that is, look for vulnerable sites from the website builder where they can insert a small script into the HTML templates. That script causes the site visitor's computer to visit another WordPress site (in the background, unbeknownst to the victim) and try to log in using different combinations of usernames and passwords.

Leave a Reply

Your email address will not be published. Required fields are marked *