Another WordPress exploit hits thousands of sites

The downside of becoming a popular content management system is that more and more people are looking for bugs you may have, in order to exploit them. It makes sense, as the more people use something, the more potential targets you have if you find a bug. But for WordPress’ developers, it must be an exercise in frustration patching holes as often as they need to.

Yet another bug has been found in the popular CMS in the past couple of weeks, and it’s seen thousands of sites targeted and millions of visitors made vulnerable. Visitors to sites that have been compromised risk being redirected to a site that attempts to infect them with the Nuclear Exploit kit, an ever-evolving arsenal of malware that can inject ransomware into a system, locking the desktop and encrypting files while demanding payment to return them to normal.

This nefarious campaign has been termed VisitorTracker by website security firm Sucuri, which is keeping on top of the malware’s development. At its current rate, around 6,000 WordPress sites are being infected every single day, which is a massive upswing from just a few days ago, when only 1,000 per day were being affected.

Unfortunately, despite the interest in this exploit, nobody is quite sure how it’s infecting sites as of yet – though the expected entry point is one or more extensions and plugins. As a preventative measure, site owners are encouraged to update to the latest version of WordPress if they haven’t already and update all of their plugins – even the Premium ones.

Sucuri is — perhaps unsurprisingly — also advertising its own malware detection tool, which can scan a website to see if it’s been affected by this or any other threats. Even if your site hasn’t been affected, though, the firm still recommends a Sucuri subscription, which perhaps should be taken with a pinch of salt.

For the rest of us, it’s just a case of staying safe online with all of the usual safeguards. Be especially careful when visiting some of your favorite sites over the next week or so while this bug works itself out.

Jon Martindale
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…