WordPress Gets Soaked in New Plugin Attack

Sucuri first warned of vulnerabilities in the RevSlider plug-in in September, and an updated version of the plug-in has been available for months. It wasn’t until Dec. 14 that a large-scale attack that abuses the RevSlider vulnerabilities emerged. The attack leverages the RevSlider vulnerabilities to connect with the SoakSoak.ru domain to load a JavaScript malware.

“This plug-in [RevSlider] has multiple vulnerabilities, and one of them allows anyone to upload a theme to the vulnerable site,” Daniel Cid, co-founder and CTO of Sucuri, explained to eWEEK. “Attackers are leveraging it to upload a backdoor that gives them control of the Website.”

Read the full story at eWEEK:
SoakSoak Malware Attacks WordPress Sites

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web