Insights For Success

Strategy, Innovation, Leadership and Security

Thousands of WordPress sites compromised

technology | Edward Kiledjian

WordPress is an extremely popular blogging platform that makes extensibility easy through thousands of third-party plug-ins. Now one of those plug-ins, MailPoet, is causing issues for thousands of sites (some estimate the number to be between 50,000 and 100,000).

A MailPoet vulnerability has been discovered and exploited in the wild. It allows attackers, without authenticating, to inject malware, spam or defacement pages into any site running the vulnerable plug-in.

The CEO of Sucuri, a security research firm, has seen a huge spike in sites being compromised by cybercriminals to install and deploy backdoors.

To be clear, the MailPoet vulnerability is the entry point, it doesn’t mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighbouring website, it can still affect your website.
— Sucuri
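Sucuri's point means a defender has to inventory every copy of the plug-in on the server, not only the active ones on their own site. The following is an added example, not code from Sucuri or from the original post: it walks a shared hosting root and reports each on-disk copy whose plug-in header names MailPoet. The header match on "mailpoet", the directory layout and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Same "Field: value" comment-header convention WordPress reads from a plug-in's main file.
HEADER = re.compile(rb"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def plugin_headers(php_file):
    """Return the header fields found in the first 8 KiB of a PHP file."""
    with open(php_file, "rb") as fh:
        head = fh.read(8192)
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.decode().lower(), value.decode(errors="replace").strip())
    return fields

def find_plugin_copies(hosting_root, name_fragment="mailpoet"):
    """List every on-disk copy of a matching plug-in under hosting_root,
    whether or not the site that holds it has the plug-in activated."""
    root, hits = Path(hosting_root), []
    for plugins_dir in root.glob("**/wp-content/plugins"):
        for php in plugins_dir.glob("*/*.php"):
            fields = plugin_headers(php)
            if name_fragment in fields.get("plugin name", "").lower():
                hits.append({"site": plugins_dir.parent.parent.relative_to(root).as_posix(),
                             "plugin_dir": php.parent.name,
                             "version": fields.get("version", "unknown")})
    return sorted(hits, key=lambda h: (h["site"], h["plugin_dir"]))

def build_constructed_tree(root):
    """Constructed sample: two sites on one server; only the neighbour holds a copy."""
    samples = {
        "my-site/wp-content/plugins/gallery/gallery.php":
            "<?php\n/*\n * Plugin Name: Sample Gallery\n * Version: 1.0\n */\n",
        "neighbour-site/wp-content/plugins/newsletter/index.php":
            "<?php\n/*\nPlugin Name: MailPoet Newsletters\nVersion: 0.0.0-constructed\n*/\n",
    }
    for rel, body in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for hit in find_plugin_copies(tmp):
            print(hit)
```

Compare each reported version against the fixed release named in the vendor's advisory; the page does not state that version, so none is hard-coded here.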


Courtesy Sucuri - This is the total number of hacked sites that we were able to identify so far (per day)