More than 2,000 WordPress sites have been infected with malicious JavaScript that redirects visitors to scam websites and sets the stage for additional malware to be downloaded at a later time.
The Sucuri team said access is gained to WordPress sites through plugin vulnerabilities, including Simple Fields and CP Contact Form with PayPal. [ed note: None of the sites we manage are subject to these infections, as the security plugins we use protect against exploits of this type. And no sites under our management currently use the known vulnerable plugins. ] A large uptick in this activity was picked up during the third week of January.