Security experts at Germany’s Computer Emergency Response Team (CERT-Bund) and Yonathan Klijnsma reveals that at least 3,000 websites have been compromised by attackers exploiting a known vulnerability in the Slider Revolution (RevSlider) plugin.
One of the most popular open source CMS WordPress is being regularly targeted by hackers and most of the cases site is compromised by one of the other vulnerability resides in the plugins. And this time again hackers have been leveraging a vulnerability in RevSlider WordPress plugin in a wild and which leads to compromised thousands of WordPress sites.
Hackers used the compromised site to distribute the malicious exploit kits via redirecting the visitors of the sites to the malicious sites. Klijnsma, also mention that attackers also used the Angler exploit kit for the malicious campaign.
For security, it is suggested to update the RevSlider plugin to the latest version, as the patch version of the plugins is available on the official WordPress website. Apart from this Klijnsma suggests to administrators whose websites have been compromised to remove all accounts and create new ones with new passwords because the attackers have gained administrative access to the site compromising all the accounts the moment of the attack.