Thousands of WordPress Sites Hacked to Fuel Scam Campaign
Over 2,000 WordPress sites have been hacked according to website security firm Sucuri. Sucuri analysts detected attackers exploiting vulnerabilities in plugins used by many WordPress customers to add additional features to their operations. The analysts detected the vulnerabilities in the third week of January.
The hacks were purported to fuel a campaign to redirect visitors to scam sites, often containing fake surveys, giveaways, and fake Adobe Flash downloads. Although many plugins were likely targeted, Sucuri reported that the CP Contact Form with PayPal and the Simple Fields plugins were two of the most highly exploited.