Attackers Target 1M+ WordPress Sites To Harvest Database Credentials – Threatpost

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials.

Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.

The attacks were aiming to download wp-config.php, a file critical to all WordPress installations. The file is located in the root of WordPress…


More Info

About mblog.my

Check Also

The WordPress Community Comes Together in Taipei – WordPress.com News

The WordPress Community Comes Together in Taipei – WordPress.com News

Taking a look at WordPress.com’s presence at WordCamp Asia 2024 in Taipei, Taiwan. This year’s …