Over 900,000 WordPress sites have been targeted in a new attack campaign which aims to redirect visitors to malvertising sites or plant backdoors into a theme’s header if an administrator is logged in.

The majority of these attacks appear to be the work of a single threat actor based on the malicious JavaScript payload they are attempting to inject in vulnerable sites. The attacker also leveraged older vulnerabilities that allowed them to change a site’s home URL to the same domain used in the cross-site scripting (XSS) payload in order to redirect visitors to malvertising sites.

Source Article