WordPress Websites Files and Databases Injected with Malicious JavaScript

WordPress is a content management system (CMS) that is free to use and open-source. It is built in PHP, and it can be combined with either a MySQL or MariaDB database. Plugin architecture and a template system, which are both referred to as Themes inside WordPress, are both included as features. WordPress was first developed as a platform for publishing blogs, but it has since expanded its functionality to support other types of web content, such as mailing lists and forums that are more traditional in nature, media galleries, membership sites, learning management systems (LMS), and online stores. WordPress, one of the most widely used content management systems in the world, is utilized by 42.8 percent of the top 10 million websites, according to statistics from October 2021.

What Happened?

The researchers from Sucuri have uncovered a massive campaign that is responsible for injecting malicious JavaScript code into compromised WordPress websites. This code takes visitors and redirects them to scam pages and other malicious websites in order to generate traffic that is not legitimate.

The Hacker News explained that this was accomplished by infecting files such as jquery.min.js and jquery-migrate.min.js with obfuscated JavaScript that is active on every page view.

Read More: https://heimdalsecurity.com/blog/wordpress-websites-files-and-databases-injected-with-malicious-javascript/