WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in more than two dozen plugins and themes to compromise vulnerable systems, reports The Hacker News.
said Russian security provider Doctor Web in a report published last week.
The attacks involve arming a list of known security vulnerabilities on 19 different plugins and themes that are likely installed on the WordPress site, using it to deploy an implant that can target a specific website to further expand the web.
Experts advise WordPress users to keep all platform components up-to-date, including third-party add-ons and themes. They are also advised to use strong and unique logins and passwords to protect their accounts.