Security News > 2020 > May > Nearly 1 Million WordPress Sites Targeted via Old Vulnerabilities
A large-scale attack campaign has targeted over 900,000 WordPress websites through vulnerabilities in plugins and themes, WordPress security company Defiant revealed this week.
Responsible for only a small volume of attacks in the past, the threat actor has ramped up the operation, with over 20 million attacks registered on May 3.
The researchers discovered that, over the past month, over 24,000 distinct IP addresses were used to attack more than 900,000 sites.
"Due to the sheer volume and variety of attacks and sites that we've seen targeted, it is possible that your site may be exposed to these attacks, and the malicious actor will likely pivot to other vulnerabilities in the future," Defiant says.
The targeted vulnerabilities are not new and have been abused in previous attacks as well.