More than 2000 WordPress sites have been hacked by cybercriminals for a scam campaign that redirects visitors to several scam sites.
What does the report say?
Discovered by researchers from Sucuri, the hacking campaign makes use of previously known vulnerabilities in WordPress plugins. Some of the vulnerable plugins exploited include the ‘CP Contact Form with PayPal’ and the ‘Simple Fields’.
Website owners are urged to disable the modification of primary folders to block hackers from inserting malicious files. Meanwhile, experts claim that attackers will continue to register new domains or leverage existing unused domains to conduct such scam campaigns in the future.