Millions of WordPress sites came under attack within a 24-hour window as attackers exploited XSS vulnerabilities in WordPress themes in an attempt to steal database credentials.
The attackers tried to download wp-config.php files from the targeted sites, since that file holds sensitive information such as database credentials, authentication unique keys, and salts.
They sought access through cross-site scripting (XSS) vulnerabilities in WordPress in order to take control of the affected sites.
QA engineer Ram Gall explained the attack:
“Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem.”
According to security researchers at Wordfence, a similar campaign in April tried to redirect visitors to malware sites through XSS vulnerabilities in plugins that had already been patched but were still awaiting updates by site owners.
Reportedly, the attackers carried out 20 million attacks in a single day, affecting half a million sites.
To prevent attacks of this kind in most cases, WordPress users are advised to keep every installed plugin up to date by applying the patches released by their developers. Deleting or disabling old themes and plugins that WordPress has removed from its repository is also worthwhile.
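As an added example (not code from the article or from Wordfence), the following Python script checks web-server access logs for the kind of configuration-file download attempts this campaign made. The combined log format, the constructed sample lines, and the matching rule (any decoded request path referencing wp-config.php) are assumptions.

```python
"""Flag web-server log lines that try to fetch wp-config.php.

The sample log lines below are constructed; the regex and the decoding loop
are assumptions about how such requests look, not Wordfence's own rules.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Apache/nginx "combined" log format: ip - - [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize(path: str) -> str:
    """Percent-decode repeatedly (catches double encoding) and unify slashes."""
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    return path.replace("\\", "/").lower()

def is_config_harvest(path: str) -> bool:
    """True if the decoded request targets wp-config.php, whether directly or
    through a traversal/download parameter."""
    return "wp-config.php" in normalize(path)

def scan(lines):
    """Return (flagged request paths, attempts per source IP, number served with 200)."""
    flagged, per_ip, served = [], Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_config_harvest(m["path"]):
            continue
        flagged.append(m["path"])
        per_ip[m["ip"]] += 1
        if m["status"] == "200":  # a 200 means the file may really have been served
            served += 1
    return flagged, per_ip, served

# Constructed sample: two harvesting attempts (one double-encoded), one benign request.
SAMPLE_LOG = [
    '198.51.100.7 - - [30/May/2020:10:01:02 +0000] "GET /wp-content/plugins/old-plugin/download.php?file=../../../wp-config.php HTTP/1.1" 200 3102',
    '198.51.100.7 - - [30/May/2020:10:01:05 +0000] "GET /wp-content/themes/old-theme/dl.php?f=..%252F..%252Fwp-config.php HTTP/1.1" 403 199',
    '203.0.113.9 - - [30/May/2020:10:02:11 +0000] "GET /wp-login.php HTTP/1.1" 200 2217',
]

if __name__ == "__main__":
    hits, ips, ok = scan(SAMPLE_LOG)
    print(f"{len(hits)} harvesting attempts from {len(ips)} source(s); {ok} returned HTTP 200")
```

A 200 response to such a request is the line worth escalating: it suggests the configuration file was actually disclosed and the database credentials and salts should be rotated.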