Security News > 2023 > January > WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems.

"If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week.

The attacks involve weaponizing a list of known security vulnerabilities in 19 different plugins and themes that are likely installed on a WordPress site, using it to deploy an implant that can target a specific website to further expand the network.

The disclosure comes weeks after Fortinet FortiGuard Labs detailed another botnet called GoTrim that's designed to brute-force self-hosted websites using the WordPress content management system to seize control of targeted systems.

Last month, Sucuri noted that more than 15,000 WordPress sites had been breached as part of a malicious campaign to redirect visitors to bogus Q&A portals.

The GoDaddy-owned website security company, in June 2022, also shared information about a traffic direction system known as Parrot that has been observed targeting WordPress sites with rogue JavaScript that drops additional malware onto hacked systems.

News URL

https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html