A large scale attack targeted hundreds of thousands of WordPress websites over the course of 24 hours, attempting to harvest database credentials by stealing config files after abusing known XSS vulnerabilities in WordPress plugins and themes.
“Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files,” Wordfence QA engineer and threat analyst Ram Gall said.
“The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this…
More Info
