Skip to main content

Attackers exploit old WordPress to inject sites with code enabling site redirection, takeover

posted onDecember 15, 2017
by l33tdawg
Credit:

Attackers have exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.

The exploited flaw is specifically found in outdated versions of the WordPress tagDiv Newspaper and Newsmag themes, according to a Dec. 14 blog post by Sucuri security analyst Douglas Santos. (Sucuri explains the vulnerability in further detail in an older report here.)

"Unfortunately, since this infection is related to a software vulnerability, strong passwords and security plugins will not protect you," writes Santos, noting that the malicious javascript can be found in a WordPress site's theme options.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th