Hackers Exploit Recent WordPress Plugin Bugs for Malvertising

silversurfer

An ongoing malvertising campaign is targeting an unauthenticated stored cross-site scripting (XSS) vulnerability in the Coming Soon Page & Maintenance Mode WordPress plugin, according to Wordfence's Defiant Threat Intelligence team.

The now-patched flaw allows unauthenticated attackers to inject JavaScript or HTML code into the blog front-end of WordPress sites running the plugin's version 1.7.8 or below.

The malvertising campaign detected by Wordfence causes compromised WordPress sites "to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads."
 
