Attackers have exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.
The exploited flaw is specifically found in outdated versions of the WordPress tagDiv Newspaper and Newsmag themes, according to a 14 December blog post by Sucuri security analyst Douglas Santos. (Sucuri explains the vulnerability in further detail in an older report here.)
Following code injection, the malware can execute one of two attack scenarios, depending on the site visitor. If the visitor is determined to be logged in as an admin user, the malware creates the rogue user “simple001” with full admin privileges, allowing for complete takeover of the site. If the visitor is not logged in as an admin and has not been to the site within the last 10 hours, the malware commences a chain of redirects that sends them to various scam and advertisement sites.
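The rogue-admin branch described above leaves a durable artifact a site owner can audit for: an unexpected account in the administrator role. The following is an added detection example, not code from Sucuri or from this article. It assumes the JSON shape produced by the real WP-CLI command `wp user list --role=administrator --format=json` (fields `ID`, `user_login`, `user_email`, `user_registered`, `roles`); the sample records, the allowlist of approved administrators and the seven-day "recently registered" threshold are constructed for illustration. Only the username `simple001` comes from the report.

```python
import json
from datetime import datetime, timedelta

# Constructed sample of `wp user list --format=json` output on a site
# where a rogue administrator has been added. Dates and e-mail addresses
# are invented; "simple001" is the username named in the Sucuri write-up.
SAMPLE_WP_USERS_JSON = """[
  {"ID": 1,  "user_login": "siteowner",   "user_email": "owner@example.com",
   "user_registered": "2020-03-02 10:15:00", "roles": "administrator"},
  {"ID": 2,  "user_login": "editor_jane", "user_email": "jane@example.com",
   "user_registered": "2020-05-11 09:00:00", "roles": "editor"},
  {"ID": 57, "user_login": "simple001",   "user_email": "simple001@example.com",
   "user_registered": "2021-06-13 03:21:44", "roles": "administrator"}
]"""

# Username reported as created by the malware on an admin's visit.
KNOWN_ROGUE_LOGINS = {"simple001"}


def _roles_of(user):
    """Normalise the `roles` field: WP-CLI emits a comma-separated string,
    but some wrappers return a list, so accept both."""
    roles = user.get("roles", "")
    if isinstance(roles, str):
        roles = roles.split(",")
    return {r.strip() for r in roles if r.strip()}


def find_rogue_admins(users_json, approved_admins, now=None, recent_days=7):
    """Return [(user_login, reason)] for every administrator account that
    matches a known rogue username, is missing from the approved allowlist,
    or was registered within `recent_days` of `now`.

    `approved_admins` and `recent_days` are hypothetical tuning knobs the
    site owner supplies; nothing here is prescribed by the report."""
    now = now or datetime.now()
    findings = []
    for user in json.loads(users_json):
        if "administrator" not in _roles_of(user):
            continue  # only the admin role grants the full takeover described
        login = user["user_login"]
        reasons = []
        if login in KNOWN_ROGUE_LOGINS:
            reasons.append("known rogue username")
        if login not in approved_admins:
            reasons.append("administrator not on allowlist")
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if now - registered <= timedelta(days=recent_days):
            reasons.append(f"registered within last {recent_days} days")
        if reasons:
            findings.append((login, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    # Pin `now` to a constructed date so the sample is reproducible.
    for login, why in find_rogue_admins(SAMPLE_WP_USERS_JSON,
                                        approved_admins={"siteowner"},
                                        now=datetime(2021, 6, 15)):
        print(f"SUSPECT ADMIN {login}: {why}")
```

In practice you would pipe live WP-CLI output into `find_rogue_admins` from a cron job and alert on any non-empty result; an allowlist check catches rogue accounts even when the attacker picks a username other than the one reported.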
Sucuri previously reported in June that the tagDiv Newspaper theme has been sold to more than 40 thousand users, not counting pirated copies.