The Federal Bureau of Investigation warned Tuesday that attackers claiming to be sympathetic to the extremist group ISIS are targeting websites that have vulnerable WordPress plugins.
The content management system has a thriving community of third-party developers who have created some 37,000 plugins, but occasionally security vulnerabilities in one can put a large number of websites at risk.
The vulnerabilities can allow the hackers to gain unauthorized access, inject scripts or install malware on the affected sites, according to an advisory published by the FBI’s Internet Crime Complaint Center. The attackers have hit news organizations, religious institutions, commercial and government websites.
