Return To ArticlePopular web hosting site WordPress has come under attack from hackers exploiting a flaw that allows them to creat rogue admin accounts.
Researchers at security firm Wordfence discovered that known vulnerabilities in WordPress plugins have been exploited by injecting malicious JavaScript into the frontends of victim sites which leads visitors to these compromised sites to be redirected to potentially harmful content including malware droppers and fraudulent sites. Many of the playloads are obfuscated by the attackers in an attempt to avoid detection by WAF and IDS software.
