This isn’t a warning about a future risk. Attackers are actively breaking into WordPress sites right now using known plugin weaknesses.

A Live Attack Wave Is Targeting Known Plugin Flaws

Security researchers are tracking an active, ongoing campaign where attackers chain together known plugin vulnerabilities, including remote code execution, server-side request forgery, and file upload flaws, to install hidden backdoors on WordPress sites. Once installed, these backdoors give attackers a way back into a site whenever they want, even after the original vulnerability is patched.

Small and mid-size business sites are already being hit, not just large targets. The attackers aren’t picking sites individually, they’re scanning broadly for anyone still running a vulnerable version of a plugin.

What to Do About It

  • Update every plugin on your site now, not just the ones you remember installing recently.
  • Remove any plugin you’re not actively using. An inactive plugin can still be a way in if it’s outdated.
  • If your site has been running an outdated plugin for a while, a patch alone may not be enough. A backdoor installed before the update can still be sitting there afterward.

This kind of attack relies on sites that aren’t being watched closely. If you’re not sure when your site’s plugins were last checked, having someone take a look is worth doing now rather than after something goes wrong.

Source: GBHackers Security News